Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/juju4/ansible-dnscrypt-proxy
Allow to encrypt dns traffic to a central dns server in order to provide better privacy.
https://github.com/juju4/ansible-dnscrypt-proxy
Last synced: 2 months ago
JSON representation
Allow to encrypt dns traffic to a central dns server in order to provide better privacy.
- Host: GitHub
- URL: https://github.com/juju4/ansible-dnscrypt-proxy
- Owner: juju4
- License: bsd-2-clause
- Created: 2016-04-10T02:13:06.000Z (almost 9 years ago)
- Default Branch: main
- Last Pushed: 2023-12-11T04:48:51.000Z (about 1 year ago)
- Last Synced: 2024-02-14T21:57:37.086Z (11 months ago)
- Language: Shell
- Size: 218 KB
- Stars: 5
- Watchers: 2
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
[![Actions Status - Master](https://github.com/juju4/ansible-dnscrypt-proxy/workflows/AnsibleCI/badge.svg)](https://github.com/juju4/ansible-dnscrypt-proxy/actions?query=branch%3Amaster)
[![Actions Status - Devel](https://github.com/juju4/ansible-dnscrypt-proxy/workflows/AnsibleCI/badge.svg?branch=devel)](https://github.com/juju4/ansible-dnscrypt-proxy/actions?query=branch%3Adevel)# dnscrypt proxy ansible role
Ansible role to setup dnscrypt proxy
Allow to encrypt dns traffic to a central dns server in order to provide better privacy.## Requirements & Dependencies
### Ansible
It was tested on the following versions:
* 1.9
* 2.0
* 2.2
* 2.3
* 2.10### Operating systems
Tested on Ubuntu 18.04, 20.04, 22.04 and Centos 7-8
Vagrant, Kitchen test and Github Action available### Dependencies
None
## Example Playbook
Just include this role in your list.
For example```
- host: myhost
roles:
- juju4.dnscrypt-proxy
```If you want to use it with a dns cacher
```
- hosts: test-dnscrypt-unbound
vars:
...
roles:
- juju4.dnscrypt-proxy
- jdauphant.unbound
```
(see test/integration/default/default.yml)
would result in
system -> unbound (127.0.0.1:53) -> dnscrypt-proxy (127.0.0.2:53) -> dnscrypt.eu-dk
as described in https://github.com/jedisct1/dnscrypt-proxy/issues/161## Variables
## Continuous integration
you can test this role with test kitchen.
In the role folder, run
```
$ gem install kitchen-ansible kitchen-lxd_cli kitchen-sync kitchen-vagrant
$ cd /path/to/roles/juju4.dnscrypt-proxy
$ kitchen verify
$ kitchen login
$ KITCHEN_YAML=".kitchen.vagrant.yml" kitchen verify
```Known bugs
* Inconsistent results over space and time
Test failed or not sometimes but when trying later, it works...## Troubleshooting & Known issues
## Known issues
* No additional security is provided. Review
It's recommended to use with a caching dns server* Firewall
port tcp/443 and udp/443 should be opened* Monitoring
http://dns.measurement-factory.com/tools/nagios-plugins/check_zone_rrsig_expiration.html
http://www.bortzmeyer.org/monitor-dnssec.html## License
BSD 2-clause