From 3653654efc30e8a5cd0888515ed42233d5a5b68c Mon Sep 17 00:00:00 2001
From: Kegan Myers
Date: Sat, 10 Oct 2020 11:46:29 -0500
Subject: [PATCH] initial commit
---
.dockerignore | 4 ++++
Dockerfile | 7 ++++++
Jenkinsfile | 21 ++++++++++++++++++
cloaking-rules.txt | 0
dnscrypt-proxy.toml | 53 ++++++++++++++++++++++++++++++++++++++++++++
forwarding-rules.txt | 0
6 files changed, 85 insertions(+)
create mode 100644 .dockerignore
create mode 100644 Dockerfile
create mode 100644 Jenkinsfile
create mode 100644 cloaking-rules.txt
create mode 100644 dnscrypt-proxy.toml
create mode 100644 forwarding-rules.txt
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..76be0bd
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,4 @@
+*
+!dnscrypt-proxy.toml
+!cloaking-rules.txt
+!forwarding-rules.txt
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..d0e9370
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,7 @@
+FROM alpine:3.12
+
+RUN apk add --no-cache dnscrypt-proxy
+ADD . /data
+WORKDIR /data
+
+CMD dnscrypt-proxy
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..b0d5e63
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,21 @@
+pipeline {
+ agent any
+ stages {
+ stage('build') {
+ steps {
+ checkout scm
+ script {
+ sh 'git rev-parse HEAD > commit'
+ def gitCommit = readFile('commit').trim()
+ def registryHost = "registry.terrible.network"
+ def imageName = "${registryHost}/terribleplan/doh-stub-dnscrypt-proxy"
+
+ def app = docker.build("${imageName}:${gitCommit}")
+ docker.withRegistry("https://${registryHost}", "registry-terrible-network") {
+ app.push("latest")
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/cloaking-rules.txt b/cloaking-rules.txt
new file mode 100644
index 0000000..e69de29
diff --git a/dnscrypt-proxy.toml b/dnscrypt-proxy.toml
new file mode 100644
index 0000000..404451f
--- /dev/null
+++ b/dnscrypt-proxy.toml
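Review bot: In the Dockerfile hunk, `CMD dnscrypt-proxy` is shell form and there is no `USER` line, so the proxy runs as root under `/bin/sh -c` and may not receive SIGTERM when the container is stopped. Exec form with an explicit config path avoids the shell and makes it clear which file is loaded: `CMD ["dnscrypt-proxy", "-config", "/data/dnscrypt-proxy.toml"]`. `ADD . /data` can be `COPY . /data`, since none of ADD's archive or URL handling is wanted here. If root is kept only to bind port 53, a comment saying so would help; otherwise a non-root `USER` with a listen port above 1024 would limit what a compromise of the proxy yields.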
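Review bot: In the Jenkinsfile hunk the image is built as `${imageName}:${gitCommit}` but the only push is `app.push("latest")`, so the commit-tagged image never reaches the registry and consumers can only pull a mutable tag. Pushing the immutable tag as well, `app.push()` ahead of `app.push("latest")`, lets a deployment pin to one commit and makes rollback and provenance checks possible. As a smaller style point, the `git rev-parse HEAD > commit` file plus `readFile` can be `def gitCommit = sh(returnStdout: true, script: 'git rev-parse HEAD').trim()`, which leaves no stray file in the workspace.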
@@ -0,0 +1,53 @@
+server_names = ['cloudflare']
+listen_addresses = ['0.0.0.0:53']
+max_clients = 250
+ipv4_servers = true
+ipv6_servers = false
+dnscrypt_servers = false
+doh_servers = true
+force_tcp = false
+timeout = 5000
+keepalive = 60
+blocked_query_response = 'hinfo'
+lb_strategy = 'ph'
+log_level = 2
+log_file = '/dev/stdout'
+use_syslog = false
+cert_refresh_delay = 240
+# DoH: Disable TLS session tickets - increases privacy but also latency
+tls_disable_session_tickets = false
+fallback_resolvers = ['1.1.1.1:53', '9.9.9.9:53', '8.8.8.8:53']
+ignore_system_dns = true
+netprobe_timeout = 60
+netprobe_address = '8.8.8.8:53'
+offline_mode = false
+log_files_max_size = 0
+log_files_max_age = 0
+log_files_max_backups = 0
+block_ipv6 = true
+block_unqualified = true
+block_undelegated = true
+reject_ttl = 600
+forwarding_rules = '/data/forwarding-rules.txt'
+cloaking_rules = '/data/cloaking-rules.txt'
+cloak_ttl = 60
+cache = true
+cache_size = 16384
+cache_min_ttl = 2400
+cache_max_ttl = 86400
+cache_neg_min_ttl = 60
+cache_neg_max_ttl = 600
+[local_doh]
+[query_log]
+[nx_log]
+[schedules]
+[sources]
+ [sources.'public-resolvers']
+ urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
+ cache_file = 'public-resolvers.md'
+ minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+ prefix = ''
+[broken_implementations]
+fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cleanbrowsing-adult', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-security']
+[anonymized_dns]
+[static]
diff --git a/forwarding-rules.txt b/forwarding-rules.txt
new file mode 100644
index 0000000..e69de29
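Review bot: `listen_addresses = ['0.0.0.0:53']` accepts queries on every interface of the container and nothing in this file restricts clients, so if port 53 is published on a publicly reachable host address the service becomes an open resolver. The setting should carry a comment recording where exposure is actually controlled, for example `# all interfaces inside the container; publish port 53 only on a private or loopback host address`. `fallback_resolvers` lists plain port-53 servers; they appear to be used only for bootstrap lookups (resolving the DoH hostname and the resolver-list URLs), and a one-line comment saying so, confirmed against the dnscrypt-proxy version shipped in alpine:3.12, would stop readers from assuming every upstream query is encrypted.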