I’m attempting to configure an anonymized DNS service using dnscrypt-proxy2, routed through the Tor network. I believe I have everything needed for it to work, but that does not seem to be the case. The DNS resolution is fine, but it’s not being proxied through Tor as desired.
services.resolved.enable = false;
services.dnscrypt-proxy2 = {
enable = true;
settings = {
ipv6_servers = config.networking.enableIPv6;
block_ipv6 = !(config.networking.enableIPv6);
listen_addresses = ["127.0.0.1:53" "[::1]:53"];
force_tcp = true;
use_syslog = false;
odoh_servers = true;
require_dnssec = true;
require_nolog = false;
require_nofilter = true;
anonymized_dns = {
routes = [
{
server_name = "*";
via = ["anon-plan9-dns" "anon-v.dnscrypt.up-ipv4"];
}
];
skip_incompatible = true;
};
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
block_unqualified = true;
block_undelegated = true;
proxy = "socks5://127.0.0.1:9050";
};
};
systemd.services.dnscrypt-proxy2.serviceConfig = {
StateDirectory = "dnscrypt-proxy";
};
useDHCP = false;
enableIPv6 = true;
nameservers = [
"127.0.0.1"
"::1"
];
networkmanager.enable = true;
networkmanager.dns = "none";
services.tor = {
enable = true;
enableGeoIP = false;
torsocks.enable = true;
client = {
enable = true;
};
};
The simplified sequence diagram really helps to picture it. I’ll PM you with the logs.