I’m attempting to configure an anonymized DNS service using dnscrypt-proxy2, routed through the Tor network. I believe I have everything needed for it to work, but that does not seem to be the case. The DNS resolution is fine, but it’s not being proxied through Tor as desired.

 services.resolved.enable = false;
 services.dnscrypt-proxy2 = {
   enable = true;
   settings = {
     ipv6_servers = config.networking.enableIPv6;
     block_ipv6 = !(config.networking.enableIPv6);
     listen_addresses = ["127.0.0.1:53" "[::1]:53"];
     force_tcp = true;

     use_syslog = false;
     odoh_servers = true;
     require_dnssec = true;
     require_nolog = false;
     require_nofilter = true;

     anonymized_dns = {
       routes = [
         {
           server_name = "*";
           via = ["anon-plan9-dns" "anon-v.dnscrypt.up-ipv4"];
         }
       ];
       skip_incompatible = true;
     };

     sources.public-resolvers = {
       urls = [
         "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
         "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
       ];
       cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
       minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
     };

     block_unqualified = true;
     block_undelegated = true;
     proxy = "socks5://127.0.0.1:9050";
   };
 };

 systemd.services.dnscrypt-proxy2.serviceConfig = {
   StateDirectory = "dnscrypt-proxy";
 };
    useDHCP = false;
    enableIPv6 = true;
    nameservers = [
      "127.0.0.1"
      "::1"
    ];
    networkmanager.enable = true;
    networkmanager.dns = "none";
  services.tor = {
    enable = true;
    enableGeoIP = false;
    torsocks.enable = true;
    client = {
      enable = true;
    };
  };
  • TeaTastic@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    2
    ·
    4 months ago

    The simplified sequence diagram really helps to picture it. I’ll PM you with the logs.