Merge pull request #3392 from geekpi/master

translated
geekpi 2015-09-27 17:59:42 +08:00
commit bf14eb0896
2 changed files with 173 additions and 177 deletions

@ -1,177 +0,0 @@
translating---geekpi
How to Install DNSCrypt and Unbound in Arch Linux
================================================================================
**DNSCrypt** is a protocol that encrypt and authenticate communications between a DNS client and a DNS resolver. Prevent from DNS spoofing or man in the middle-attack. DNSCrypt are available for most operating system, including Linux, Windows, MacOSX android and iOS. And in this tutorial I'm using archlinux with kernel 4.1.
Unbound is a DNS cache server used to resolve any DNS query received. If the user requests a new query, then unbound will store it as a cache, and when the user requests the same query for the second time, then unbound would take from the cache that have been saved. This will be faster than the first request query.
And now I will try to install "DNSCrypt" to secure the dns communication, and make it faster with dns cache "Unbound".
### Step 1 - Install yaourt ###
Yaourt is one of AUR(Arch User Repository) helper that make archlinux users easy to install a program from AUR. Yaourt use same syntax as pacman, so you can install the program with yaourt. and this is easy way to install yaourt :
1. Edit the arch repository configuration file with nano or vi, stored in a file "/etc/pacman.conf".
$ nano /etc/pacman.conf
2. Add at the bottom line yaourt repository, just paste script below :
[archlinuxfr]
SigLevel = Never
Server = http://repo.archlinux.fr/$arch
3. Save it with press "Ctrl + x" and then "Y".
4. Now update the repository database and install yaourt with pacman command :
$ sudo pacman -Sy yaourt
### Step 2 - Install DNSCrypt and Unbound ###
DNSCrypt and unbound available on archlinux repository, then you can install it with pacman command :
$ sudo pacman -S dnscrypt-proxy unbound
wait it and press "Y" for proceed with installation.
### Step 3 - Install dnscrypt-autoinstall ###
Dnscrypt-autoinstall is A script for installing and automatically configuring DNSCrypt on Linux-based systems. Dnscrypt-autoinstall available in AUR(Arch User Repository), and you must use "yaourt" command to install it :
$ yaourt -S dnscrypt-autoinstall
Note :
-S = it is same as pacman -S to install a software/program.
### Step 4 - Run dnscrypt-autoinstall ###
run the command "dnscrypt-autoinstall" with root privileges to configure DNSCrypt automatically :
$ sudo dnscrypt-autoinstall
Press "Enter" for the next configuration, and then type "y" and choose the DNS provider you want to use, I'm here use DNSCrypt.eu featured with no logs and DNSSEC.
![DNSCrypt autoinstall](http://blog.linoxide.com/wp-content/uploads/2015/08/DNSCrypt-autoinstall.png)
### Step 5 - Configure DNSCrypt and Unbound ###
1. Open the dnscrypt configuration file "/etc/conf.d/dnscrypt-config" and make sure the configuration of "DNSCRYPT_LOCALIP" point to **localhost IP**, and for port configuration "DNSCRYPT_LOCALPORT" it's up to you, I`m here use port **40**.
$ nano /etc/conf.d/dnscrypt-config
DNSCRYPT_LOCALIP=127.0.0.1
DNSCRYPT_LOCALIP2=127.0.0.2
DNSCRYPT_LOCALPORT=40
![DNSCrypt Configuration](http://blog.linoxide.com/wp-content/uploads/2015/08/DNSCryptConfiguration.png)
Save and exit.
2. Now you can edit unbound configuration in "/etc/unbound/". edit the file configuration with nano editor :
$ nano /etc/unbound/unbound.conf
3. Add the following script in the end of line :
do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@40
Make sure the "**forward-addr**" port is same with "**DNSCRYPT_LOCALPORT**" configuration in DNSCrypt. You can see the I`m use port **40**.
![Unbound Configuration](http://blog.linoxide.com/wp-content/uploads/2015/08/UnboundConfiguration.png)
and then save and exit.
### Step 6 - Run DNSCrypt and Unbound, then Add to startup/Boot ###
Please run DNSCrypt and unbound with root privileges, you can run with systemctl command :
$ sudo systemctl start dnscrypt-proxy unbound
Add the service at the boot time/startup. You can do it by running "systemctl enable" :
$ sudo systemctl enable dnscrypt-proxy unbound
the command will create the symlink of the service to "/usr/lib/systemd/system/" directory.
### Step 7 - Configure resolv.conf and restart all services ###
Resolv.conf is a file used by linux to configure Domain Name Server(DNS) resolver. it is just plain-text created by administrator, so you must edit by root privileges and make it immutable/no one can edit it.
Edit it with nano editor :
$ nano /etc/resolv.conf
and add the localhost IP "**127.0.0.1**". and now make it immutable with "chattr" command :
$ chattr +i /etc/resolv.conf
Note :
If you want to edit it again, make it writable with command "chattr -i /etc/resolv.conf".
Now yo need to restart the DNSCrypt, unbound and the network :
$ sudo systemctl restart dnscrypt-proxy unbound netctl
If you see the error, check your configuration file.
### Testing ###
1. Test DNSCrypt
You can be sure that DNSCrypt had acted correctly by visiting https://dnsleaktest.com/, then click on "Standard Test" or "Extended Test" and wait the process running.
And now you can see that DNSCrypt is working with DNSCrypt.eu as your DNS provider.
![Testing DNSCrypt](http://blog.linoxide.com/wp-content/uploads/2015/08/TestingDNSCrypt.png)
And now you can see that DNSCrypt is working with DNSCrypt.eu as your DNS provider.
2. Test Unbound
Now you should ensure that the unbound is working correctly with "dig" or "drill" command.
This is the results for dig command :
$ dig linoxide.com
Now see in the results, the "Query time" is "533 msec" :
;; Query time: 533 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 30 14:48:19 WIB 2015
;; MSG SIZE rcvd: 188
and try again with the same command. And you will see the "Query time" is "0 msec".
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 30 14:51:05 WIB 2015
;; MSG SIZE rcvd: 188
![Unbound Test](http://blog.linoxide.com/wp-content/uploads/2015/08/UnboundTest.png)
And in the end DNSCrypt secure communications between the DNS clients and DNS resolver is working perfectly, and then Unbound make it faster if there is the same request in another time by taking the cache that have been saved.
### Conclusion ###
DNSCrypt is a protocol that can encrypt data flow between the DNS client and DNS resolver. DNSCrypt can run on various operating systems, either mobile or desktop. Choose DNS provider also includes something important, choose which provide a DNSSEC and no logs. Unbound can be used as a DNS cache, thus speeding up the resolve process resolv, because Unbound will store a request as the cache, then when a client request same query in the next time, then unbound would take from the cache that have been saved. DNSCrypt and Unbound is a powerful combination for the safety and speed.
--------------------------------------------------------------------------------
via: http://linoxide.com/tools/install-dnscrypt-unbound-archlinux/
作者:[Arul][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arulm/
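
Review bot: Step 1 of the removed source registers the [archlinuxfr] repository with `SigLevel = Never` and a plain `http://` Server URL, which switches off pacman's package signature checking for a repository that is also fetched without transport integrity. The translation added in this commit carries those two lines unchanged, so once this file is deleted there is no copy left to annotate. Suggest adding a translator's note beside that block in the translated file and reporting it to the source site. In the same source, `nano /etc/pacman.conf`, `nano /etc/resolv.conf` and `chattr +i /etc/resolv.conf` are shown under a `$` prompt without sudo, although Step 7 says the file must be edited with root privileges; the note could cover that too.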

@ -0,0 +1,173 @@
如何在Arch Linux中安装DNSCrypt和Unbound
================================================================================
**DNSCrypt**是一个用于加密和验证的DNS客户端和一个DNS解析器之间通信的协议。阻止DNS欺骗或中间人攻击。 DNSCrypt可用于大多数的操作系统包括LinuxWindowsMacOSX的Android和iOS。而在本教程中我使用的是内核为4.1的archlinux。
Unbound是用来解析收到的任意DNS查询的DNS缓存服务器。如果用户请求一个新的查询然后unbound将其存储到缓存中并且当用户再次请求相同的请求时unbound将采用已经保存的缓存。这将是第一次请求查询更快。
现在我将尝试安装“DNSCrypt”以确保DNS的通信的安全并用“Unbound”加速。
### 第一步 - 安装yaourt ###
Yaourt是AURARCH用户仓库的辅助使用户能够很容易地从AUR安装程序。 Yaourt和pacman一样使用相同的语法这样你就可以使用yaourt安装该程序。下面是安装yaourt的简单方法
1. 用nano或者vi编辑arch仓库配置文件保存在“/etc/pacman.conf”中。
$ nano /etc/pacman.conf
2. 在底部填上你的yaourt仓库粘贴下面的脚本
[archlinuxfr]
SigLevel = Never
Server = http://repo.archlinux.fr/$arch
3. 用“"Ctrl + x”接着用“Y”保存。
4. 接着升级仓库数据库并用pacman安装yaourt
$ sudo pacman -Sy yaourt
### 第二步 - 安装 DNSCrypt和Unbound ###
DNSCrypt和unbound就在archlinux仓库中你可以用下面的pacman命令安装
$ sudo pacman -S dnscrypt-proxy unbound
接着在安装的过程中按下“Y”。
### 第三步 - 安装 dnscrypt-autoinstall ###
Dnscrypt-autoinstall是一个自动在基于Linux的系统上安装和配置DNSCrypt的脚本。DNSCrypt在AUR中因此你必须使用“yaourt”命令来安装它。
$ yaourt -S dnscrypt-autoinstall
注意 :
-S = 这和pacman -S安装程序一样。
### 第四步 - 运行dnscrypt-autoinstall ###
用root权限运行“dnscrypt-autoinstall”开自动配置DNSCrypt。
$ sudo dnscrypt-autoinstall
下一步中输入“回车”,接着输入"Y"来选择你想使用的DNS提供者我这里使用不带日志和DNSSEC的DNSCrypt.eu。
![DNSCrypt autoinstall](http://blog.linoxide.com/wp-content/uploads/2015/08/DNSCrypt-autoinstall.png)
### 第五步 - 配置DNSCrypt和Unbound ###
1. 打开dnscrypt的“/etc/conf.d/dnscrypt-config” 配置文件中“DNSCRYPT_LOCALIP”指向**本地ip**“DNSCRYPT_LOCALPORT”根据你本人的意愿配置我是用的是**40**端口。
$ nano /etc/conf.d/dnscrypt-config
DNSCRYPT_LOCALIP=127.0.0.1
DNSCRYPT_LOCALIP2=127.0.0.2
DNSCRYPT_LOCALPORT=40
![DNSCrypt Configuration](http://blog.linoxide.com/wp-content/uploads/2015/08/DNSCryptConfiguration.png)
保存并退出。
2. 现在你用nanao编辑器编辑“/etc/unbound/”下unbound的配置文件
$ nano /etc/unbound/unbound.conf
3. 在脚本最后添加下面的行:
do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@40
确保**forward-addr**和DNSCrypt中的“**DNSCRYPT_LOCALPORT**”一致。你看见我是用的是**40**端口。
![Unbound Configuration](http://blog.linoxide.com/wp-content/uploads/2015/08/UnboundConfiguration.png)
接着保存并退出。
### 第六步 - 运行DNSCrypt和Unbound接着添加到开机启动中 ###
请用root权限运行DNSCrypt和unbound你可以用systemctl命令来运行
$ sudo systemctl start dnscrypt-proxy unbound
将服务添加到启动中。你可以运行“systemctl enable”
$ sudo systemctl enable dnscrypt-proxy unbound
命令将会创建软链接到“/usr/lib/systemd/system/”目录的服务。
### 第七步 - 配置resolv.conf并重启所有服务 ###
resolv.conf是一个在linux中用于配置DNS解析器的文件。它是一个由管理员创建的纯文本因此你必须用root权限编辑并让它不能被其他人修改。
用nano编辑器编辑
$ nano /etc/resolv.conf
并添加本地IP “**127.0.0.1**”现在用“chattr”命令使他只读
$ chattr +i /etc/resolv.conf
注意:
如果你想要重新编辑用“chattr -i /etc/resolv.conf”加入写权限。
现在你需要重启DNSCrypt和unbound和网络
$ sudo systemctl restart dnscrypt-proxy unbound netctl
如果你看到错误,检查配置文件。
### 测试 ###
1. 测试DNSCrypt
你可以通过https://dnsleaktest.com/来确认DNSCrypt点击“开始测试”或者“扩展测试”并在程序运行期间等待。
现在你可以看到NSCrypt.eu就已经与作为DNS提供商的DNSCrypt协同工作了。
![Testing DNSCrypt](http://blog.linoxide.com/wp-content/uploads/2015/08/TestingDNSCrypt.png)
2. 测试 Unbound
现在你应该确保unbound可以正确地与“dig”和“drill”命令一起工作。
这是dig命令的结果
$ dig linoxide.com
我们现在看下结果“Query time”是“533 msec”
;; Query time: 533 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 30 14:48:19 WIB 2015
;; MSG SIZE rcvd: 188
再次输入命令我们看到“Query time”是“0 msec”。
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 30 14:51:05 WIB 2015
;; MSG SIZE rcvd: 188
![Unbound Test](http://blog.linoxide.com/wp-content/uploads/2015/08/UnboundTest.png)
DNSCrypt加密通信在DNS客户端和解析端工作的很好并且Unbound通过缓存让相同的请求在另一次请求同速度更快。
### 总结 ###
DNSCrypt是一个可以加密DNS客户端和DNS解析器之间的数据流的协议。 DNSCrypt可以在不同的操作系统上运行无论是移动端或桌面端。选择DNS提供商还包括一些重要的事情选择那些提供DNSSEC同时没有日志的。Unbound可被用作DNS缓存从而加快解析过程因为Unbound将请求缓存那么接下来客户端请求相同的查询时unbound将从缓存中取出保存的值。 DNSCrypt和Unbound是针对安全性和速度的一个强大的组合。
--------------------------------------------------------------------------------
via: http://linoxide.com/tools/install-dnscrypt-unbound-archlinux/
作者:[Arul][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arulm/
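
Review bot: three sentences in the added translation change the meaning of the source and should be corrected before merge. In 第四步, “不带日志和DNSSEC的DNSCrypt.eu” reads as a provider without DNSSEC, while the source describes a provider with no logs and with DNSSEC; suggest “不记录日志并支持DNSSEC的DNSCrypt.eu”. In 第三步, “DNSCrypt在AUR中” should name dnscrypt-autoinstall, since 第二步 installs dnscrypt-proxy from the regular repository with pacman. In the second paragraph of the introduction, “这将是第一次请求查询更快” drops the comparison; the source says the cached answer is faster than the first query, so 是 should be 比. Smaller fixes in the same file: the doubled opening quote before Ctrl + x in 第一步, nanao in 第五步, NSCrypt.eu (missing D, and provider and protocol swapped) in the DNSCrypt test, 开 for 来 in 第四步, and the test button names, which the source gives as "Standard Test" and "Extended Test".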