Install DNSCrypt dan dnsmasq di debian 7
Salah satu cara membypass blokir isp, kita membikin dns forwarder sendiri, karena pihak isp melakukan transparent dns, berapaun ip dns yg kita pasang di dns forwarder kita, tetap akan masuk ke dns isp yang teleh terfilter, padahan filter tsb belum tentu pas.....karena dns mamakai port 53 dan pihak isp me redirect port 53 ke dns mereka..... beberapa masalah yang timbul karena proses transpareny ini menyebabkan PTR record ip untuk mail sever kita menjadi salah.... rbl dan cbl seperti spamhaus dan baracuda tidak bisa berjalan... krn PTR selalu salah dan mail server kita tidak bisa terima email...
DNSCrypt adalah dns yang traficnya di encrypt dan sebagian DNSCrypt server memakai port 443 gampangnya dns forwarder kita melakukan tuneling ke dns server lain
sayang blm ada DNSCrypt di mikrotik....
1. Siapkan dependencies /paket dibutuhkan untuk compile dan install DNSCrypt dan libsodium
apt-get clean all; apt-get update; apt-get install build-essential
apt-get install libtool automake
karena libsodium blm ada di debian kita harus menginstall nya dulu dari source
root@dns:~#wget --no-check-certificate https://download.libsodium.org/libsodium/releases/libsodium-1.0.8.tar.gz
root@dns:~#tar zxvf libsodium-1.0.8.tar.gz
root@dns:~#cd libsodium-1.0.8
root@dns:~#./configure
root@dns:~#make
root@dns:~#make install
root@dns:~#wget --no-check-certificate http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.6.0.tar.gz
root@dns:~#tar zxvf dnscrypt-proxy-1.6.0.tar.gz
root@dns:~#cd dnscrypt-proxy-1.6.0
root@dns:~#./configure
root@dns:~#make
root@dns:~#make install
note ada eror pas configure
configure: error: cannot run C compiled programs.
If you meant to cross compile, use `--host'.
See `config.log' for more details
configure: error: ./configure failed for src/libevent-modified
jalankan
root@dns:~#echo /usr/local/lib > /etc/ld.so.conf.d/usr_local_lib.conf; ldconfig
trus configure ulang
root@dns:~#./configure ...dst...
untuk menjalankan pilih salah satu saja
root@dns:~#dnscrypt-proxy -R cisco -a 127.0.0.1:5353 --daemonize
root@dns:~#dnscrypt-proxy -R dnscrypt.eu-nl -a 127.0.0.1:5353 --daemonize
root@dns:~#dnscrypt-proxy -R cloudns-can -a 127.0.0.1:5353 --daemonize
root@dns:~#dnscrypt-proxy -R cloudns-syd -a 127.0.0.1:5354 --daemonize
edit /etc/resolv.conf menjadi
nameserver 127.0.0.1
2. Install dnsmasq
root@dns:~#apt-get install dnsmasq
edit /etc/dnsmasq.conf
domain-needed
bogus-priv
domain=local.net
expand-hosts
server=127.0.0.1#5353
restart service dnsmasq
root@dns:~#service dnsmasq restart
root@dns:~#service dnsmasq start
root@dns:~#service dnsmasq stop
ini hasil testing
root@dns:~# ping google.com
PING google.com (216.58.211.78) 56(84) bytes of data.
64 bytes from par03s14-in-f78.1e100.net (216.58.211.78): icmp_req=2 ttl=44 time=318 ms
64 bytes from par03s14-in-f78.1e100.net (216.58.211.78): icmp_req=3 ttl=44 time=318 ms
64 bytes from par03s14-in-f78.1e100.net (216.58.211.78): icmp_req=5 ttl=44 time=318 ms
^C
root@dns:~#ping www.playboy.com
PING g.global-ssl.fastly.net (185.31.17.65) 56(84) bytes of data.
64 bytes from 185.31.17.65: icmp_req=1 ttl=47 time=375 ms
64 bytes from 185.31.17.65: icmp_req=2 ttl=49 time=367 ms
64 bytes from 185.31.17.65: icmp_req=3 ttl=49 time=365 ms
^C
silahkan ganti ip dns mail server dengan ip dns forwarder kita sendiri....
untuk test bisa dig gmail.com txt
fal@mail:~> dig gmail.com txt
; <<>> DiG 9.9.6-P1 <<>> gmail.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24356
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 16
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gmail.com. IN TXT
;; ANSWER SECTION:
gmail.com. 300 IN TXT "v=spf1 redirect=_spf.google.com"
kalau belum normal tidak jawaban di txt yg kita minta
fal@tux:~> dig gmail.com txt
; <<>> DiG 9.9.6-P1 <<>> gmail.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 19673
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;gmail.com. IN TXT
;; Query time: 0 msec
;; SERVER: 10.10.1.1#53(10.10.1.1)
;; WHEN: Tue May 24 10:14:05 WIB 2016
;; MSG SIZE rcvd: 27
DNSCrypt adalah dns yang traficnya di encrypt dan sebagian DNSCrypt server memakai port 443 gampangnya dns forwarder kita melakukan tuneling ke dns server lain
sayang blm ada DNSCrypt di mikrotik....
1. Siapkan dependencies /paket dibutuhkan untuk compile dan install DNSCrypt dan libsodium
apt-get clean all; apt-get update; apt-get install build-essential
apt-get install libtool automake
karena libsodium blm ada di debian kita harus menginstall nya dulu dari source
root@dns:~#wget --no-check-certificate https://download.libsodium.org/libsodium/releases/libsodium-1.0.8.tar.gz
root@dns:~#tar zxvf libsodium-1.0.8.tar.gz
root@dns:~#cd libsodium-1.0.8
root@dns:~#./configure
root@dns:~#make
root@dns:~#make install
root@dns:~#wget --no-check-certificate http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.6.0.tar.gz
root@dns:~#tar zxvf dnscrypt-proxy-1.6.0.tar.gz
root@dns:~#cd dnscrypt-proxy-1.6.0
root@dns:~#./configure
root@dns:~#make
root@dns:~#make install
note ada eror pas configure
configure: error: cannot run C compiled programs.
If you meant to cross compile, use `--host'.
See `config.log' for more details
configure: error: ./configure failed for src/libevent-modified
jalankan
root@dns:~#echo /usr/local/lib > /etc/ld.so.conf.d/usr_local_lib.conf; ldconfig
trus configure ulang
root@dns:~#./configure ...dst...
untuk menjalankan pilih salah satu saja
root@dns:~#dnscrypt-proxy -R cisco -a 127.0.0.1:5353 --daemonize
root@dns:~#dnscrypt-proxy -R dnscrypt.eu-nl -a 127.0.0.1:5353 --daemonize
root@dns:~#dnscrypt-proxy -R cloudns-can -a 127.0.0.1:5353 --daemonize
root@dns:~#dnscrypt-proxy -R cloudns-syd -a 127.0.0.1:5354 --daemonize
edit /etc/resolv.conf menjadi
nameserver 127.0.0.1
2. Install dnsmasq
root@dns:~#apt-get install dnsmasq
edit /etc/dnsmasq.conf
domain-needed
bogus-priv
domain=local.net
expand-hosts
server=127.0.0.1#5353
restart service dnsmasq
root@dns:~#service dnsmasq restart
root@dns:~#service dnsmasq start
root@dns:~#service dnsmasq stop
ini hasil testing
root@dns:~# ping google.com
PING google.com (216.58.211.78) 56(84) bytes of data.
64 bytes from par03s14-in-f78.1e100.net (216.58.211.78): icmp_req=2 ttl=44 time=318 ms
64 bytes from par03s14-in-f78.1e100.net (216.58.211.78): icmp_req=3 ttl=44 time=318 ms
64 bytes from par03s14-in-f78.1e100.net (216.58.211.78): icmp_req=5 ttl=44 time=318 ms
^C
root@dns:~#ping www.playboy.com
PING g.global-ssl.fastly.net (185.31.17.65) 56(84) bytes of data.
64 bytes from 185.31.17.65: icmp_req=1 ttl=47 time=375 ms
64 bytes from 185.31.17.65: icmp_req=2 ttl=49 time=367 ms
64 bytes from 185.31.17.65: icmp_req=3 ttl=49 time=365 ms
^C
silahkan ganti ip dns mail server dengan ip dns forwarder kita sendiri....
untuk test bisa dig gmail.com txt
fal@mail:~> dig gmail.com txt
; <<>> DiG 9.9.6-P1 <<>> gmail.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24356
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 16
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gmail.com. IN TXT
;; ANSWER SECTION:
gmail.com. 300 IN TXT "v=spf1 redirect=_spf.google.com"
kalau belum normal tidak jawaban di txt yg kita minta
fal@tux:~> dig gmail.com txt
; <<>> DiG 9.9.6-P1 <<>> gmail.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 19673
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;gmail.com. IN TXT
;; Query time: 0 msec
;; SERVER: 10.10.1.1#53(10.10.1.1)
;; WHEN: Tue May 24 10:14:05 WIB 2016
;; MSG SIZE rcvd: 27
