Enable DnsCrypt on your Ubuntu machine

For mirroring purposes, this is a working copy-paste of https://madebits.github.io/#blog/2014/2014-12-12-Using-DNSCrypt-on-Ubuntu-14.04.md

DNSCrypt enables making encrypted DNS queries to the DNS providers that support it. There is a PPA for DNSCrypt for Ubuntu, but it is not maintained at the time of this writing and it has no binary for Ubuntu 14.04 LTS. To install DNSCrypt I used these steps, which I tried on Lubuntu 14.04 LTS:

  • Visit DNSCrypt PPA packages and download libsodium for trusty and dnscrypt-proxy for saucy (I used the 64 bit version for my machine, you may need the 32 bit versions).
  • I used the gdebi-gtk tool to install first libsodium4_0.4.5-0~trusty5_amd64.deb and then dnscrypt-proxy_1.4.0-0~oldconf2+saucy1_amd64.deb (you can also use dpkg -i).
  • dnscrypt-proxy then runs locally on address 127.0.0.2, port 53 (use netstat -tuplen to verify).
  • The default DNSCrypt PPA package apparmor profile prevents Ubuntu 14.04 from shutting down. To fix that I edited it (sudo leafpad /etc/apparmor.d/usr.sbin.dnscrypt-proxy) and replaced its content with the following:
 # Last Modified: Tue Dec 02 22:20:12 2014

  #include <tunables/global>

  /usr/sbin/dnscrypt-proxy {
    #include <abstractions/base>

    network inet stream,
    network inet6 stream,
    network inet dgram,
    network inet6 dgram,

    capability net_admin,
    capability net_bind_service,
    capability setgid,
    capability setuid,
    capability sys_chroot,
    capability ipc_lock,

    /bin/false r,
    /etc/ld.so.cache r,
    /etc/nsswitch.conf r,
    /etc/passwd r,

  # In case of custom libsodium installation
    /usr/local/lib/{@{multiarch}/,}libsodium.so* mr,

  # Reasonable pidfile location - tweak this if you prefer a different one
    /run/dnscrypt-proxy.pid rw,

  }

(Ed.) You may want to run which libsodium4 and which dnscrypt-proxy and check the actual paths.

  • Optional: dnscrypt-proxy configuration for the init service daemon is found in /etc/default/dnscrypt-proxy. The parameters (with -- added) are documented in man dnscrypt-proxy. I edited /etc/default/dnscrypt-proxy as root to specify an alternative DNS server. The list of the official available servers can be found in GitHub, or locally in /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv. To verify that a given server works use dig -p 443 @176.56.237.171 google.com (replace IP and port as needed). If you edit /etc/default/dnscrypt-proxy, you should run sudo restart dnscrypt-proxy afterwards.
  • Verify that dnscrypt-proxy runs by using ps -ef | grep dnscrypt. Then verify it can resolve addresses by using dig @127.0.0.2 google.com (if you configured tcp-only for dnscrypt-proxy then use dig +vc @127.0.0.2 google.com).
  • If all is OK, you can replace your current DNS servers in the Network Manager UI. If you use DHCP, select Automatic (DHCP) addresses only, and set 127.0.0.2 in Additional DNS servers. Once done, run sudo service network-manager restart for it to take effect. Verify the server used with nm-tool | grep -i dns.

End of copy-paste. You could download the latest package of dnscrypt-proxy and libsodium and compile it locally – best advice so far.
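
The two verification steps in the list above (netstat -tuplen and nm-tool | grep -i dns) can be turned into pass/fail checks. This is an added example, not code from the mirrored post; the function names and the sample outputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: pass/fail versions of the post's two verification steps.
# Live use (as root, so netstat can show the owning program):
#   netstat -tuplen | listener_ok && nm-tool | dns_only_local

PROXY_ADDR="127.0.0.2"   # address the post says dnscrypt-proxy listens on

# Succeed only if something is bound to $PROXY_ADDR:53 and every such socket
# is owned by dnscrypt-proxy (netstat may truncate the name, so match a prefix).
listener_ok() {
  awk -v want="$PROXY_ADDR:53" '
    $4 == want { seen = 1; if ($NF !~ /\/dnscrypt-/) bad = 1 }
    END { exit !(seen && !bad) }'
}

# Print every resolver NetworkManager reports besides $PROXY_ADDR. Fail if
# one exists (lookups sent to it bypass the proxy) or the proxy is not listed.
dns_only_local() {
  awk -v want="$PROXY_ADDR" '
    $1 == "DNS:" {
      if ($2 == want) ok = 1
      else { print "resolver bypasses dnscrypt-proxy: " $2; leak = 1 }
    }
    END { exit !(ok && !leak) }'
}

# Constructed samples (not captured from a real host).
SAMPLE_NETSTAT='udp   0  0 127.0.0.2:53    0.0.0.0:*          0  11873  1042/dnscrypt-proxy
tcp   0  0 127.0.0.1:631   0.0.0.0:*  LISTEN  0  10922  871/cupsd'
SAMPLE_NM_LEAKY='    DNS:             192.168.1.1
    DNS:             127.0.0.2'
SAMPLE_NM_CLEAN='    DNS:             127.0.0.2'

printf '%s\n' "$SAMPLE_NETSTAT"  | listener_ok    && echo "listener: ok"
printf '%s\n' "$SAMPLE_NM_CLEAN" | dns_only_local && echo "resolvers: ok"
printf '%s\n' "$SAMPLE_NM_LEAKY" | dns_only_local || echo "resolvers: FAIL"
```

The leaky sample models a connection that still lists a DHCP-supplied resolver next to 127.0.0.2, which is what selecting Automatic (DHCP) addresses only is meant to prevent.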


Repair/configure a RunAbove snapshot (clone) booted as a new server

If you clone (make a snapshot of) a CentOS 6 server in your RunAbove ControlPanel, you might encounter difficulties placing it online. This is because a snapshot is literally a clone, so the IP and MAC addresses are cloned onto the new server as well. To overcome this, we should…

  1. Check your old MAC address with `ifconfig -a`.
  2. Log in to the new server via VNC and run `ifconfig -a`.
    • your interface will show up as `eth1` at this very moment.
    • go to `/etc/udev/rules.d/70-persistent-net.rules`.
  3. Compare the two interfaces eth1/eth0 and
    • delete or comment out `eth0`
    • change the `eth1` parameter to `eth0` on the line where the MAC (HWaddr) address matches the `ifconfig -a` output on the cloned server
  4. Reboot and voila, you’re online.
  5. Some modifications need to be made
    1. edit `/etc/hostname` and enter the corresponding hostname + IP address
    2. run `hostname your.new.hostname`
    3. `service network restart` or reboot

Shortcut: simply delete the /etc/udev/rules.d/70-persistent-net.rules file and reboot :)

Don’t forget! Your SSH keys will be cloned too. Fork the old PuTTY config for the new server and simply change the IP address. You may want to generate a new login key and add it to .ssh/authorized_keys!