Package Details: dnsproxy-adguard 0.23.3-1

Git Clone URL: https://aur.archlinux.org/dnsproxy-adguard.git (read-only)
Package Base: dnsproxy-adguard
Description: Simple DNS proxy with DoH, DoT, and DNSCrypt support by AdguardTeam
Upstream URL: https://github.com/AdguardTeam/dnsproxy
Licenses: Apache
Submitter: edward-p
Maintainer: edward-p
Last Packager: edward-p
Votes: 3
Popularity: 0.57
First Submitted: 2019-03-26 03:33
Last Updated: 2019-12-20 10:52

Pinned Comments

kenjar commented on 2019-10-17 13:58

See below for a more secure systemd service. Sandboxed.

[Unit]
Description=Simple DNS proxy with DoH, DoT, and DNSCrypt support by AdguardTeam
After=network.target

[Service]
User=nobody
Group=nobody
ProtectSystem=strict
NoNewPrivileges=true
PrivateTmp=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictAddressFamilies=AF_UNIX AF_INET
RestrictNamespaces=true
LockPersonality=true
MemoryDenyWriteExecute=true
RemoveIPC=true

# blacklist
SystemCallFilter=@clock @cpu-emulation @debug @ipc @keyring @module @mount @obsolete @privileged @reboot @setuid @swap @timer

SystemCallFilter=accept accept4 access arch_prctl bind brk clock_gettime clone close connect dup2 epoll_create1 epoll_ctl epoll_pwait execve exit exit_group fadvise64 fallocate fcntl fork fstat fsync ftruncate futex getdents64 getegid geteuid getgid getpeername getpid getrandom getsockname getsockopt gettid getuid inotify_add_watch inotify_init1 inotify_rm_watch ioctl kill listen lseek madvise mkdir mmap mprotect munmap nanosleep newfstatat open openat pipe pipe2 poll pread64 prlimit64 pwrite64 read readlink readlinkat readv recvfrom rename rmdir rt_sigaction rt_sigprocmask rt_sigreturn sched_getaffinity sched_yield select sendto set_robust_list set_tid_address setgid setsid setsockopt setuid shutdown sigaltstack socket stat umask uname unlink write writev sendmsg recvmsg ppoll sendmmsg recvmmsg

# change to EPERM if you like
SystemCallErrorNumber=EKILL

ExecStart=/usr/bin/dnsproxy-adguard -l 192.168.1.2 -p 0 --https-port 2343 -t 2313 --cache -s -e 33554432 -u sdns://AQIAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20 -u tls://176.103.130.130 -u tls://dns.adguard.com
# 32mb cache

[Install]
WantedBy=default.target
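
A small lint for three systemd parsing rules that decide how a sandboxed unit like the one in the comment above is actually interpreted (added example, not part of the original comment or the package): comments must sit on their own line, the first SystemCallFilter= list fixes allow-list or deny-list mode (a leading ~ means deny), and SystemCallErrorNumber= takes an errno name or number. SAMPLE_UNIT, RISKY_GROUPS and the finding labels are constructed for illustration.

```python
import errno
# Constructed excerpt modelled on the unit in the comment above; syscall lists shortened.
SAMPLE_UNIT = """\
[Service]
# blacklist
SystemCallFilter=@mount @privileged @reboot
SystemCallFilter=accept bind read write
SystemCallErrorNumber=EKILL # change to EPERM if you like
"""

# Groups a deny-list would normally name; finding them in an allow-list deserves a look.
RISKY_GROUPS = {"@debug", "@module", "@mount", "@privileged", "@reboot", "@swap"}

def parse_service(text):
    """Yield (key, value) pairs from [Service]; only whole-line '#'/';' comments are skipped."""
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, _, value = line.partition("=")
            yield key.strip(), value.strip()

def valid_errno(token):
    """Empty, 'kill', an errno name known to Python, or a number in 1..4095."""
    if token.isdigit():
        return 1 <= int(token) <= 4095
    return token in ("", "kill") or (token.isupper() and hasattr(errno, token))

def audit(text):
    findings, mode = [], None
    for key, value in parse_service(text):
        if " #" in value:  # no trailing comments in unit files: this text is part of the value
            findings.append(("inline-comment", key))
            value = value.split(" #", 1)[0].strip()
        if key == "SystemCallFilter":
            if not value:                      # empty assignment resets the filter
                mode = None
                continue
            kind = "deny" if value.startswith("~") else "allow"
            mode = mode or kind                # the first list decides the default action
            risky = sorted(RISKY_GROUPS & set(value.split()))
            if mode == "allow" and kind == "allow" and risky:
                findings.append(("allow-list-grants", " ".join(risky)))
        elif key == "SystemCallErrorNumber" and not valid_errno(value):
            findings.append(("unknown-errno", value))
    return findings
```

On a live system, `systemd-analyze verify` and `systemd-analyze security` report how the installed unit was parsed and scored.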

Latest Comments

bjo commented on 2019-09-16 15:13

Thanks.

edward-p commented on 2019-09-16 02:34

@bjo

Done. If you want to change the parameters, use sudo systemctl edit dnsproxy-adguard.service with

[Service]
ExecStart=
ExecStart=/usr/bin/dnsproxy-adguard <your params>

bjo commented on 2019-09-15 19:23

Could you provide a service file?