RandomDNS aims to improve the security, privacy and anonymity of DNSCrypt. It can randomize the server choice at runtime and can rotate it frequently.
DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven't been tampered with.
More informations at https://dnscrypt.org/
- Randomize the provider at runtime
- Use (-E)phemeral keys option
- Securely run DNSCrypt proxy by verifying its hash, copying it in /tmp dir with restricted permissions and launching it as "nobody" user (if reverse proxy is enabled)
- Watch the proxy process and relaunch it if it dies
- Can run multiple instances of DNSCrypt and load balance the traffic (EdgeDNS)
- Have in-memory caching of DNS requests along with Consistent Hashing (EdgeDNS)
- Can filter the server list by protocols, country and much more
- Rotate the server with a defined time (default: 10 minutes)
- Support DNSSEC (EdgeDNS)
- Update Brew:
brew update && brew upgrade
- Install DNSCrypt + Node + NPM:
brew install dnscrypt-proxy node npm
- Download and run RandomDNS:
npm install -g randomdns && sudo DEBUG=* randomdns
- Set your DNS settings to 127.0.0.1
___ __ ___ _ ______/ _ \___ ____ ___/ /__ __ _ / _ \/ |/ / __// , _/ _ `/ _ \/ _ / _ \/ ' \/ // / /\ \/_/|_|\_,_/_//_/\_,_/\___/_/_/_/____/_/|_/___/Usage: run [options] [file]Options:-h, --help output usage information-V, --version output the version number-L, --listenOn [string] Listen on a specific interface/port [default: 127.0.0.1:53]-R, --rotationTime [int] Define the time to wait before rotating the server (in seconds) [default: 600 seconds]-P, --reverseProxy [bool] Enable EdgeDNS reverse proxy [default: false]--reverseProxyChildStartPort [int] Where childrens (dnscrypt-proxy processes) should start incrementing the port? (will work only if reverseProxy is enabled) [default: 51000]-T, --threads [int] Number of childs to spawn, set to 1 to disable load balacing (will work only if reverseProxy is enabled) [default: 4]-F, --filters [string] Use filters [default: IPv6=false;]--filters-help Get full list of available filters.-b, --binaryDNSCryptFile [string] Use custom DNSCrypt binary, will not work until --binaryDNSCryptFileSignature is changed.--binaryDNSCryptFileSignature [string] SHA512 hash of the DNSCrypt binary.-b, --binaryEdgeDNSFile [string] Use custom EdgeDNS binary, will not work until --binaryEdgeDNSFileSignature is changed.--binaryEdgeDNSFileSignature [string] SHA512 hash of the EdgeDNS binary.-r, --resolverListFile [string] Use custom DNSCrypt resolver list file, will not work until --resolverListFileSignature is changed.--resolverListFileSignature [string] SHA512 hash of the DNSCrypt resolver list file.
- Add filters: by country, by port
- Scramble monitoring of DNS traffic by sending fake DNS requests periodically and randomly. The main idea would be to retrieve the 1 million top websites of Alexa and then resolve subdomains by using subbrute subdomain list. Full database might be hosted as gzip(JSON(domain names)) on a CDN and hash on GitHub.