当前位置:Linux学习笔记 > Linux 软件 > 正文

提高DNSCrypt安全,隐私和匿名 RandomDNS



  • Randomize the provider at runtime

  • Use (-E)phemeral keys option

  • Securely run DNSCrypt proxy by verifying its hash, copying it in
    /tmp dir with restricted permissions and launching it as “nobody” user
    (if reverse proxy is enabled)

  • Watch the proxy process and relaunch it if it dies

  • Can run multiple instances of DNSCrypt and load balance the traffic (EdgeDNS)

  • Have in-memory caching of DNS requests along with Consistent Hashing (EdgeDNS)

  • Can filter the server list by protocols, country and much more

  • Rotate the server with a defined time (default: 10 minutes)

  • Support DNSSEC (EdgeDNS)


  1. Update Brew: brew update && brew upgrade

  2. Install DNSCrypt + Node + NPM: brew install dnscrypt-proxy node npm

  3. Download and run RandomDNS: npm install -g randomdns && sudo DEBUG=* randomdns

  4. Set your DNS settings to


      ___               __           ___  _  ______
     / _ \___ ____  ___/ /__  __ _  / _ \/ |/ / __/
    / , _/ _ `/ _ \/ _  / _ \/  ' \/ // /    /\ \  

     Usage: run [options] [file]


       -h, --help                              output usage information
       -V, --version                           output the version number
       -L, --listenOn [string]                 Listen on a specific interface/port [default:]
       -R, --rotationTime [int]                Define the time to wait before rotating the server (in seconds) [default: 600 seconds]
       -P, --reverseProxy [bool]               Enable EdgeDNS reverse proxy [default: false]
       --reverseProxyChildStartPort [int]      Where childrens (dnscrypt-proxy processes) should start incrementing the port? (will work only if reverseProxy is enabled) [default: 51000]
       -T, --threads [int]                     Number of childs to spawn, set to 1 to disable load balacing (will work only if reverseProxy is enabled) [default: 4]
       -F, --filters [string]                  Use filters [default: IPv6=false;]
       --filters-help                          Get full list of available filters.
       -b, --binaryDNSCryptFile [string]       Use custom DNSCrypt binary, will not work until --binaryDNSCryptFileSignature is changed.
       --binaryDNSCryptFileSignature [string]  SHA512 hash of the DNSCrypt binary.
       -b, --binaryEdgeDNSFile [string]        Use custom EdgeDNS binary, will not work until --binaryEdgeDNSFileSignature is changed.
       --binaryEdgeDNSFileSignature [string]   SHA512 hash of the EdgeDNS binary.
       -r, --resolverListFile [string]         Use custom DNSCrypt resolver list file, will not work until --resolverListFileSignature is changed.
       --resolverListFileSignature [string]    SHA512 hash of the DNSCrypt resolver list file.


  • Add filters: by country, by port

  • Scramble monitoring of DNS traffic by sending fake DNS requests randomly

未经允许不得转载:Linux学习笔记 » 提高DNSCrypt安全,隐私和匿名 RandomDNS

赞 (0)
分享到:更多 ()