Disclaimer: I’m the author of this project.

🚀 Privacy DNS Chooser Script v1.0 “Snow Breeze” Release!

Project source code: https://github.com/rollsicecream/privacy-dns-chooser

Dear Community,

I’m thrilled to announce the official release of the Privacy DNS Chooser Script v1.0, code-named “Snow Breeze”! This marks a significant milestone in my journey to simplify the process of enabling DNS-over-TLS with privacy-focused DNS providers on Linux systems using systemd-resolved.

Key Highlights:

  • User-Friendly Setup: Easily configure DNS-over-TLS with a seamless and intuitive CLI interface.
  • Privacy-Focused Providers: Choose from trusted DNS providers like Quad9, Mullvad DNS, and NextDNS (more coming soon!)
  • Enhanced Security: DNS-over-TLS is enabled by default for a more secure online experience.

How to Get Started:

  1. Ensure you have systemd-resolved installed on your Linux system.
  2. Download the script from GitHub.
  3. Run the script with sudo to set up your preferred DNS provider.

Your Feedback Matters:

We value your feedback! Share your experience, report issues, or suggest improvements on GitHub Issues. Your insights help us refine and enhance the Privacy DNS Chooser Script.

Spread the Word:

Help us reach more users by sharing the news! Talk about it, share on your favorite forums, and let your community know about the release.

Thank you!

    • _s10e@feddit.de
      11 months ago

      Have you looked into how existing software handles captive portals? I believe both Ubuntu (or Gnome or Network-Manager) and Firefox do check for such portals and detect real internet access. (They simply poll some URL http://detectportal.vendor.com and check for the expected return code. Portals usually redirect.)

      Now I’m thinking, what if this check could trigger a change to the DNS configuration? That is, use DoT when internet is available, otherwise fall back to DHCP-announced DNS.

      • Pantherina@feddit.de
        11 months ago

        That is neat! It is a specific response so it should work.

        #!/bin/bash
        
        # Function to set insecure DNS
        function insecure-dns() {
          # Already in insecure mode: a second backup would overwrite the
          # saved secure configuration with the modified file
          [ -e /etc/systemd/resolved.conf.bak ] && return 0
        
          # Backup the original resolved.conf file
          cp /etc/systemd/resolved.conf /etc/systemd/resolved.conf.bak
        
          # Modify resolved.conf to disable custom DNS, DoT, and DNSSEC
          sed -i 's/^DNS=.*/#DNS=/; s/^Domains=.*/#Domains=/; s/^DNSOverTLS=.*/#DNSOverTLS=/; s/^DNSSEC=.*/#DNSSEC=/' /etc/systemd/resolved.conf
        
          # Restart systemd-resolved
          systemctl restart systemd-resolved
        }
        
        # Function to set secure DNS
        function secure-dns() {
          # No backup means the secure configuration is already active;
          # skip the restore and avoid restarting the resolver every loop
          [ -e /etc/systemd/resolved.conf.bak ] || return 0
        
          # Restore the original resolved.conf file
          mv /etc/systemd/resolved.conf.bak /etc/systemd/resolved.conf
        
          # Restart systemd-resolved
          systemctl restart systemd-resolved
        }
        
        while true; do
          # HTTP status code of the probe (empty if the request fails)
          response=$(curl -sI captive.test.com | head -n 1 | cut -d' ' -f2)
        
          if [ "$response" == "200" ]; then
            insecure-dns
            xdg-open captive.test.com
            sleep 30
            # something to wait until window is closed, otherwise spam!
          else
            secure-dns
          fi
        
          sleep 5
        done
        

        This should work. What would be needed is to track the process of the login and only continue when the window is closed again.
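
The idea discussed in this thread (use DoT only when the connectivity probe returns its expected code, otherwise fall back to DHCP-announced DNS), as an added example that is not code from the project or from either comment. The probe URL, the expected code 204, the drop-in path and the Quad9 values are assumptions; it also assumes resolved.conf itself sets no DNS=, so removing the drop-in leaves the DHCP-announced servers in use.

```shell
#!/bin/bash
# Added example: PROBE_URL, EXPECTED_CODE and the drop-in path are assumptions.
PROBE_URL="http://detectportal.example/"   # placeholder, not a real endpoint
EXPECTED_CODE=204                          # assumed "real internet" answer
DROPIN="${DROPIN:-/etc/systemd/resolved.conf.d/90-dot.conf}"
RESTART_CMD="${RESTART_CMD:-systemctl restart systemd-resolved}"

# Map curl's %{http_code} output to a network state.
classify_probe() {
  case "$1" in
    "$EXPECTED_CODE") echo online ;;   # probe answered exactly as expected
    ""|000)           echo offline ;;  # no answer (no link, or DNS blocked)
    *)                echo portal ;;   # redirect or rewritten page
  esac
}

# DoT only when the probe proves real internet access; otherwise DHCP DNS.
desired_mode() {
  if [ "$1" = online ]; then echo secure; else echo dhcp; fi
}

# Write or remove the drop-in; restart the resolver only on a mode change.
apply_mode() {
  local current=dhcp
  [ -e "$DROPIN" ] && current=secure
  [ "$current" = "$1" ] && { echo unchanged; return 0; }
  if [ "$1" = secure ]; then
    mkdir -p "$(dirname "$DROPIN")"
    # Constructed sample values: Quad9 address with its TLS server name.
    printf '[Resolve]\nDNS=9.9.9.9#dns.quad9.net\nDNSOverTLS=yes\n' > "$DROPIN"
  else
    rm -f "$DROPIN"
  fi
  $RESTART_CMD > /dev/null
  echo changed
}

watch_loop() {
  local code
  while true; do
    code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 5 "$PROBE_URL")
    apply_mode "$(desired_mode "$(classify_probe "$code")")" > /dev/null
    sleep 5
  done
}

# Poll only when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then watch_loop; fi
```

Because a failed probe is treated the same as a portal, a blocked DoT port drops the machine back to plaintext DHCP DNS; anyone who prefers to fail closed should map `offline` to `secure` in `desired_mode`.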