Comments (8)
We'll try to do something, but just be aware that what everybody measures is the access time from your computer to the server. How long it takes the server to bring in the response varies widely from server to server. So, you can have a 50ms server access time, and the server will take 2 more seconds to bring in the response.
In FDNS at startup we test the access time for two random servers and pick the fastest one. It usually stays under 80ms. Then, if you run "fdns --monitor", we keep a moving average of the last few responses, and this is usually under 1 second. You look on the first line in the monitor:
$ fdns --monitor
127.1.1.1 dnscrypt-ca2 ENCRYPTED (DoH 647.53 ms, 170 s)
requests 74, drop 18, cache 31, fwd 0, fallback 0
The 647.53 ms is your average number. 170 is how often we send a keepalive request to keep the TLS connection going.
The fastest server ever is probably Cloudflare. They do it by synchronizing DNS caches between various geographical locations in their network.
from fdns.
Can I run fdns inside firejail?
And /etc/resolv.conf to nameserver 127.0.0.1:with different port as standard port?
from fdns.
Can I run fdns inside firejail?
https://github.com/netblue30/firejail/blob/master/etc/profile-a-l/fdns.profile
If you use systemd, it is suggested to use the systemd service.
And /etc/resolv.conf to nameserver 127.0.0.1:with different port as standard port?
The format of /etc/resolv.conf is explained in man 5 resolv.conf. (spoiler: no)
For IPv4 IDC as you have a complete class A subnet. However for IPv6 you have only ::1, if you need to use IPv6 for any reason, it can be annoying that there is no option to use another port.
from fdns.
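A check for the point made in the reply above, as an added example that is not part of the thread or of fdns: it accepts a nameserver value only when it is a bare IP address, which is how resolv.conf(5) defines it, and counts the loopback addresses available per family. The sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample file; the two port-style lines are the variants asked about.
SAMPLE = """\
# constructed example
nameserver 127.1.1.1
nameserver 127.0.0.1:5353
nameserver [::1]:5353
nameserver ::1
options edns0
"""

def check_nameservers(text):
    """Split nameserver entries into (valid, rejected).

    resolv.conf(5) defines the value as a bare IPv4 or IPv6 address, so any
    value that does not parse as a plain address is reported, not guessed at.
    """
    valid, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0] != "nameserver":
            continue  # comments, blank lines, other keywords
        value = fields[1] if len(fields) > 1 else ""
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            rejected.append((lineno, value))
            continue
        valid.append((str(addr), addr.version, addr.is_loopback))
    return valid, rejected

def loopback_space():
    """Number of loopback addresses available per address family."""
    return {
        4: ipaddress.ip_network("127.0.0.0/8").num_addresses,
        6: ipaddress.ip_network("::1/128").num_addresses,
    }

if __name__ == "__main__":
    ok, bad = check_nameservers(SAMPLE)
    for address, version, loopback in ok:
        print(f"ok   IPv{version} {address} loopback={loopback}")
    for lineno, value in bad:
        print(f"bad  line {lineno}: {value!r} is not a bare IP address")
    print(loopback_space())
```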
I can't run fdns without root user, because port-range is under 1024.
How can I run fdns as a different user than root?
I need it for user rights hardening.
from fdns.
How can I run fdns as a different user than root?
You can't. fdns requires root privileges in order to sandbox its resolver processes.
Lines 407 to 410 in dd69da4
So you need to become root first, see #51 and https://github.com/rusty-snake/fdns4users.
from fdns.
How can I run fdns as a different user than root?
You can't. fdns requires root privileges in order to sandbox its resolver processes.
Lines 407 to 410 in dd69da4
So you need to become root first, see #51 and https://github.com/rusty-snake/fdns4users.
Could you remove this id 0 if and else?
because dnscrypt-proxy runs well in firejail with non-root user when your port range is above 1024.
You can redirect port 53 to another port like I do with iptables
This is my workaround to avoid root user with dnscrypt:
iptables -t nat -A OUTPUT -p tcp --dport domain -j DNAT --to-destination 127.0.0.1:8000
iptables -t nat -A OUTPUT -p udp --dport domain -j DNAT --to-destination 127.0.0.1:8000
Could you remove this ID 0 if and else too?
thanks and
best regards
from fdns.
We'll try to do something, but just be aware that what everybody measures is the access time from your computer to the server. How long it takes the server to bring in the response varies widely from server to server. So, you can have a 50ms server access time, and the server will take 2 more seconds to bring in the response.
In FDNS at startup we test the access time for two random servers and pick the fastest one. It usually stays under 80ms. Then, if you run "fdns --monitor", we keep a moving average of the last few responses, and this is usually under 1 second. You look on the first line in the monitor:
$ fdns --monitor
127.1.1.1 dnscrypt-ca2 ENCRYPTED (DoH 647.53 ms, 170 s)
requests 74, drop 18, cache 31, fwd 0, fallback 0
The 647.53 ms is your average number. 170 is how often we send a keepalive request to keep the TLS connection going.
The fastest server ever is probably Cloudflare. They do it by synchronizing DNS caches between various geographical locations in their network.
Not in my case from Europe, for me libredns is the fastest response, lower response rate than Cloudflare DoH.
from fdns.
because dnscrypt-proxy runs well in firejail with non-root user when your port range is above 1024.
This is not dnscrypt-proxy.
You can redirect port 53 to another port like I do with iptables
I think we should add something like a --port=5353 option.
Could you remove this id 0 if and else?
Removing the check that displays an error message does not make things work because fdns requires root privileges
from fdns.