.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
.TH "DNSCRYPT\-PROXY" "8" "July 2012" "" ""
.
.SH "NAME"
\fBdnscrypt\-proxy\fR \- A DNSCrypt forwarder
.
.SH "SYNOPSIS"
\fBdnscrypt\-proxy\fR [\fIoptions\fR]
.
.SH "DESCRIPTION"
\fBdnscrypt\-proxy\fR accepts DNS requests, authenticates and encrypts them using dnscrypt and forwards them to a remote dnscrypt\-enabled resolver\.
.
.P
Replies from the resolver are expected to be authenticated and encrypted or else they will be discarded\.
.
.P
The proxy verifies the replies, decrypts them, and transparently forwards them to the local stub resolver\.
.
.P
\fBdnscrypt\-proxy\fR listens to \fB127\.0\.0\.1\fR / port \fB53\fR by default\.
.
.SH "WARNING"
\fBdnscrypt\-proxy\fR is not a DNS cache\. Unless your operating system already provides a decent built\-in cache (and by default, most systems don\'t), clients shouldn\'t directly send requests to \fBdnscrypt\-proxy\fR\.
.
.P
Instead, run a DNS cache like \fBUnbound\fR, and configure it to use \fBdnscrypt\-proxy\fR as a forwarder\. Both can safely run on the same machine as long as they use different IP addresses and/or different ports\.
.
.SH "OPTIONS"
.
.IP "\(bu" 4
\fB\-a\fR, \fB\-\-local\-address=<ip>[:port]\fR: what local IP the daemon will listen to, with an optional port\. The default port is 53\.
.
.IP "\(bu" 4
\fB\-d\fR, \fB\-\-daemonize\fR: detach from the current terminal and run the server in background\.
.
.IP "\(bu" 4
\fB\-e\fR, \fB\-\-edns\-payload\-size=<bytes>\fR: transparently add an OPT pseudo\-RR to outgoing queries in order to enable the EDNS0 extension mechanism\. The payload size is the size of the largest response we accept from the resolver before retrying over TCP\. This feature is enabled by default, with a payload size of 1280 bytes\. Any value below 512 disables it\.
.
.IP "\(bu" 4
\fB\-h\fR, \fB\-\-help\fR: show usage\.
.
.IP "\(bu" 4
\fB\-k\fR, \fB\-\-provider\-key=<key>\fR: specify the provider public key (see below)\.
.
.IP "\(bu" 4
\fB\-l\fR, \fB\-\-logfile=<file>\fR: log events to this file instead of the standard output\.
.
.IP "\(bu" 4
\fB\-n\fR, \fB\-\-max\-active\-requests=<count>\fR: set the maximum number of simultaneous active requests\. The default value is 250\.
.
.IP "\(bu" 4
\fB\-p\fR, \fB\-\-pidfile=<file>\fR: write the PID number to a file\.
.
.IP "\(bu" 4
\fB\-r\fR, \fB\-\-resolver\-address=<ip>[:port]\fR: a DNSCrypt\-capable resolver IP address with an optional port\. The default port is 443\.
.
.IP "\(bu" 4
\fB\-u\fR, \fB\-\-user=<user name>\fR: chroot(2) to this user\'s home directory and drop privileges\.
.
.IP "\(bu" 4
\fB\-N\fR, \fB\-\-provider\-name=<FQDN>\fR: the fully\-qualified name of the dnscrypt certificate provider\.
.
.IP "\(bu" 4
\fB\-T\fR, \fB\-\-tcp\-only\fR: always use TCP\. A connection made using UDP will get a truncated response, so that the (stub) resolver retries using TCP\.
.
.IP "\(bu" 4
\fB\-V\fR, \fB\-\-version\fR: show version number\.
.
.IP "" 0
.
.P
A public key is 256 bits long and has to be specified as a hexadecimal string, with optional colons\.
.
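.P
The following pre-flight helper is an added example, not part of dnscrypt-proxy or its documentation. It checks the provider key format described above and prints an Unbound configuration for the forwarder layout from the WARNING section. The function names and port 40 are this example's choices, and addresses are treated as IPv4.

```sh
#!/bin/sh
# Added example, not dnscrypt-proxy code. Function names are hypothetical.

# Drop the optional colons from a provider key and require exactly
# 64 hex digits (256 bits). Prints the normalized key on success.
normalize_provider_key() {
    key=$(printf '%s' "$1" | tr -d ':' | tr 'a-f' 'A-F')
    case "$key" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#key}" -eq 64 ] || return 1
    printf '%s\n' "$key"
}

# Split an IPv4 <ip>[:port] value; $2 is the default port.
# Prints "ip port", or fails if the port is not in 1..65535.
split_addr() {
    case "$1" in
        *:*) ip=${1%:*}; port=${1##*:} ;;
        *)   ip=$1; port=$2 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) return 1 ;;
    esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } || return 1
    printf '%s %s\n' "$ip" "$port"
}

# Print an Unbound configuration that forwards every query to the proxy.
# $1 = the proxy's --local-address value, $2 = where Unbound itself listens.
# Fails when both daemons would bind the same IP address and port.
unbound_forwarder_conf() {
    proxy=$(split_addr "$1" 53) || return 1
    cache=$(split_addr "$2" 53) || return 1
    [ "$proxy" != "$cache" ] || return 1
    cat <<EOF
server:
    interface: ${cache% *}
    port: ${cache#* }
    do-not-query-localhost: no
forward-zone:
    name: "."
    forward-addr: ${proxy% *}@${proxy#* }
EOF
}

# Constructed layout: proxy on 127.0.0.1:40, Unbound on 127.0.0.1:53.
unbound_forwarder_conf 127.0.0.1:40 127.0.0.1
```
.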
.SH "SIMPLE USAGE EXAMPLE"
.
.nf

$ dnscrypt\-proxy \-\-daemonize
.
.fi
.
.SH "ADVANCED USAGE EXAMPLE"
.
.nf
$ dnscrypt\-proxy \-\-provider\-key=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79 \-\-provider\-name=2\.dnscrypt\-cert\.dnscrypt\.org\. \-\-resolver\-address=208\.67\.220\.220:53 \-\-daemonize
.
.fi
.
.SH "SEE ALSO"
hostip(8)
.
.SH "COPYRIGHT"
dnscrypt\-proxy is Copyright (C) 2011\-2012 OpenDNS, Inc\. \fBhttp://www\.opendns\.com/\fR