https://github.com/juju4/ansible-dnscrypt-proxy

Allow to encrypt dns traffic to a central dns server in order to provide better privacy.

[![Actions Status - Master](https://github.com/juju4/ansible-dnscrypt-proxy/workflows/AnsibleCI/badge.svg)](https://github.com/juju4/ansible-dnscrypt-proxy/actions?query=branch%3Amaster)
[![Actions Status - Devel](https://github.com/juju4/ansible-dnscrypt-proxy/workflows/AnsibleCI/badge.svg?branch=devel)](https://github.com/juju4/ansible-dnscrypt-proxy/actions?query=branch%3Adevel)

# dnscrypt proxy ansible role

Ansible role to set up dnscrypt-proxy.
It encrypts DNS traffic to a central DNS server in order to provide better privacy.

## Requirements & Dependencies

### Ansible
It was tested on the following versions:
* 1.9
* 2.0
* 2.2
* 2.3
* 2.10

### Operating systems

Tested on Ubuntu 18.04, 20.04, 22.04 and CentOS 7-8.
Vagrant, Kitchen tests and GitHub Actions are available.

### Dependencies

None

## Example Playbook

Just include this role in your list.
For example:

```
- hosts: myhost
  roles:
    - juju4.dnscrypt-proxy
```

If you want to use it with a caching DNS server:
```
- hosts: test-dnscrypt-unbound
  vars:
    ...
  roles:
    - juju4.dnscrypt-proxy
    - jdauphant.unbound
```
(see test/integration/default/default.yml)

This results in the following resolution chain, as described in https://github.com/jedisct1/dnscrypt-proxy/issues/161:
```
system -> unbound (127.0.0.1:53) -> dnscrypt-proxy (127.0.0.2:53) -> dnscrypt.eu-dk
```

## Variables

## Continuous integration

You can test this role with Test Kitchen.
In the role folder, run:
```
$ gem install kitchen-ansible kitchen-lxd_cli kitchen-sync kitchen-vagrant
$ cd /path/to/roles/juju4.dnscrypt-proxy
$ kitchen verify
$ kitchen login
$ KITCHEN_YAML=".kitchen.vagrant.yml" kitchen verify
```

Known bugs

* Inconsistent results over space and time:
  tests sometimes fail, but work when retried later.

## Troubleshooting & Known issues

* No additional security is provided. Review
  It's recommended to use it with a caching DNS server.

* Firewall
  Ports tcp/443 and udp/443 should be opened.

* Monitoring
  * http://dns.measurement-factory.com/tools/nagios-plugins/check_zone_rrsig_expiration.html
  * http://www.bortzmeyer.org/monitor-dnssec.html

## License

BSD 2-clause