-
Notifications
You must be signed in to change notification settings - Fork 1k
Cloaking
Cloaking is a HOSTS
(or /etc/hosts
) file on steroids.
An example is worth a thousands words:
example.com 192.168.2.37
The above rule means that dnscrypt-proxy
will return 192.168.2.37
as a response to a query for example.com
or even www.example.com
.
Maybe the actual IP address of this name is totally different. But the proxy will override it, and not even send the query to the DNS resolver. It will directly send an response with this IP to all clients.
The domain doesn't even have to exist: the IP will be returned as if it did.
This can be extremely useful if you develop websites and want to test them using their real name, while directing the traffic to your local computer.
Cloaking supports all filter patterns. So, the following are valid as well:
*.example.com 192.168.2.37
=example.com 127.0.0.1
*.example.* 127.0.0.2
example.* 127.0.0.3
example[0-9]* 127.0.0.4
Instead of IP addresses, names can also be cloaked to other names:
example.com example.net
This will return the IP address of example.net
as a response to a query for example.com
.
A more practical example is:
www.google.* forcesafesearch.google.com
This returns the IP address of forcesafesearch.google.com
for queries to www.google.*
, which is a way to force Google to return only "family-safe" results.
Target names are resolved and CNAME
records are flattened. If the IP address for a target changes, the new IP will be automatically be picked up.
Unlike HOSTS
files, dnscrypt-proxy
's cloaking module can scale to large number of rules with no significant speed penalty.
In somecases if you want to run dnscrypt-proxy as a non-root user you'll get the error "[FATAL] listen udp 0.0.0.0:53: bind: permission denied"
to solve this problem you can run the following command and allow dnscrypt to have access to a low level port :
sudo setcap cap_net_bind_service=+ep $(which dnscrypt-proxy)
- Home
- Installation
- Configuration
- Checking that your DNS traffic is encrypted
- Automatic Updates
- Server sources
- Combining blocklists
- Public Blocklist and other configuration files
- Building from source
- Run your own DNSCrypt server in under 10 minutes
- DNS stamps specifications
- Windows Tips
- dnscrypt-proxy in the media
- Planned Features