Dnscrypt on Sailfish

answered 2019-08-04 12:13:36 +0200

kan_ibal
41 ●2 ●4 ●5

updated 2019-08-04 12:15:25 +0200

There is a possibility already but not as easy as one click/touch. From https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.25 download linux-arm version dnscrypt-proxy-linux_arm-2.0.25.tar.gz then extract files from tar.gz to /tmp

tar -xzvf ./dnscrypt-proxy-linux_arm-2.0.25.tar.gz -C /tmp

set attribute

chmod +x /tmp/linux-arm/dnscrypt-proxy

then install dnscrypt-proxy service

/tmp/linux-arm/dnscrypt-proxy -service install

edit dnscrypt-proxy conf file according your needs

/etc/dnscrypt-proxy/dnscrypt-proxy.toml

next step is to disable connman build dns proxy, create file

touch /var/lib/environment/connamn/nodnsproxy.conf

echo 'CONNMAN_ARGS=--nodnsproxy' >var/lib/environment/connamn/nodnsproxy.conf

and force connman to use local dnscrypt-proxy DNS address for network connections, I prefer to set it globaly, for example for all wifi connections edit

/home/.system/var/lib/connman/settings

and in [WiFi] section add

Nameservers=127.0.0.1;

then restart connmand service

systemctl restart connamnd

and run dnscrypt-proxy service

systemctl start dnscrypt-proxy

answered 2019-08-04 15:52:31 +0200

wickedsp1d3r
533 ●14 ●23 ●25

updated 2019-08-04 16:01:33 +0200

Another way to disable ConnMan's DNS proxy is to override its systemd service.

1. Create a folder named "connman.service.d" to /etc/systemd/system/
2. Put a file named "override.conf" to the folder with the following content:

[Service]
ExecStart=
ExecStart=/usr/sbin/connmand -n -W nl80211 --nobacktrace --systemd --noplugin=wifi --nodnsproxy $SYSCONF_ARGS $CONNMAN_ARGS

I also make /etc/resolv.conf immutable by issuing chattr +i /etc/resolv.conf.