52f0553209
The dnscrypt-proxy service relays regular DNS queries to a DNSCrypt enabled upstream resolver. The traffic between the client and the upstream resolver is encrypted and authenticated, which may mitigate the risk of MITM attacks and third-party snooping (assuming a trustworthy upstream). Though dnscrypt-proxy can run as a standalone DNS client, the recommended setup is to use it as a forwarder for a caching DNS client. To use dnscrypt-proxy as a forwarder for dnsmasq, do ```nix { # ... networking.nameservers = [ "127.0.0.1" ]; networking.dhcpcd.extraConfig = "nohook resolv.conf"; services.dnscrypt-proxy.enable = true; services.dnscrypt-proxy.localAddress = "127.0.0.1"; services.dnscrypt-proxy.port = 40; services.dnsmasq.enable = true; services.dnsmasq.extraConfig = '' no-resolv server=127.0.0.1#40 listen-address=127.0.0.1 ''; # ... } ``` |
||
---|---|---|
.. | ||
config | ||
hardware | ||
installer | ||
misc | ||
profiles | ||
programs | ||
security | ||
services | ||
system | ||
tasks | ||
testing | ||
virtualisation | ||
module-list.nix | ||
rename.nix |