Disclaimer : I’m the author of this project.

🚀 Privacy DNS Chooser Script v1.0 “Snow Breeze” Release!

Project source code : https://github.com/rollsicecream/privacy-dns-chooser

Dear Community,

I’m thrilled to announce the official release of the Privacy DNS Chooser Script v1.0, code-named “Snow Breeze”! This marks a significant milestone in my journey to simplify the process of enabling DNS-over-TLS with privacy-focused DNS providers on Linux systems using systemd-resolved.

Key Highlights:

  • User-Friendly Setup: Easily configure DNS-over-TLS with a seamless and intuitive CLI Interface
  • Privacy-Focused Providers: Choose from trusted DNS providers like Quad9, Mullvad DNS, and NextDNS (more coming soon!)
  • Enhanced Security: DNS-over-TLS is enabled by default for a more secure online experience.

How to Get Started:

  1. Ensure you have systemd-resolved installed on your Linux system.
  2. Download the script from GitHub.
  3. Run the script with sudo to set up your preferred DNS provider.

Your Feedback Matters:

We value your feedback! Share your experience, report issues, or suggest improvements on GitHub Issues. Your insights help us refine and enhance the Privacy DNS Chooser Script.

Spread the Word:

Help us reach more users by sharing the news! Talk about it, share on your favorite forums, and let your community know about the release.

Thank you!

  • Baritone5371@kbin.socialOP
    link
    fedilink
    arrow-up
    0
    ·
    11 months ago

    Ok. I will see that! If you have a GitHub account. You can make an issue right now, so tracking the issue would be better for me. Or I could do that myself.

    Edit : I have made a prototype that I could release it soon as an alpha. When it gets released, your goal is to test in a place where captive portals are present. Sadly, the script won’t be automatic but requires user interaction.

    Edit 2 : it is now available as alpha on the releases page.

      • _s10e@feddit.de
        link
        fedilink
        arrow-up
        2
        ·
        11 months ago

        Have you looked into how existing software handles captive portals. I believe, both Ubuntu (or Gnome or Network-Manager) and Firefox do check for such portals and detect real internet access. (They simple poll some URL http://detectportal.vendor.com and check for the expected return code. Portals usually redirect.)

        Now I’m thinking, what if this check could trigger a change to the DNS configuration. That is use DoT when internet is available, otherwise fall back to DHCP announced DNS

        • Pantherina@feddit.de
          link
          fedilink
          arrow-up
          2
          ·
          11 months ago

          That is neat! It is a specific response so it should work.

          #!/bin/bash
          
          # Function to set insecure DNS
          function insecure-dns() {
            # Backup the original resolved.conf file
            cp /etc/systemd/resolved.conf /etc/systemd/resolved.conf.bak
          
            # Modify resolved.conf to disable custom DNS, DoT, and DNSSEC
            sed -i 's/^DNS=.*/#DNS=/; s/^Domains=.*/#Domains=/; s/^DNSOverTLS=.*/#DNSOverTLS=/; s/^DNSSEC=.*/#DNSSEC=/' /etc/systemd/resolved.conf
          
            # Restart systemd-resolved
            systemctl restart systemd-resolved
          }
          
          # Function to set secure DNS
          function secure-dns() {
            # Restore the original resolved.conf file
            mv /etc/systemd/resolved.conf.bak /etc/systemd/resolved.conf
          
            # Restart systemd-resolved
            systemctl restart systemd-resolved
          }
          
          while true; do
            response=$(curl -sI captive.test.com | head -n 1 | cut -d' ' -f2)
          
            if [ "$response" == "200" ]; then
              insecure-dns
              xdg-open captive.test.com
              sleep 30
              # something to wait until window is closed, otherwise spam!
            else
              secure-dns
            fi
          
            sleep 5
          done
          

          This should work. What would be needed is to track the process of the login and only continue when the window is closed again.