Disclaimer: I’m the author of this project.

🚀 Privacy DNS Chooser Script v1.0 “Snow Breeze” Release!

Project source code: https://github.com/rollsicecream/privacy-dns-chooser

Dear Community,

I’m thrilled to announce the official release of the Privacy DNS Chooser Script v1.0, code-named “Snow Breeze”! This marks a significant milestone in my journey to simplify the process of enabling DNS-over-TLS with privacy-focused DNS providers on Linux systems using systemd-resolved.

Key Highlights:

  • User-Friendly Setup: Easily configure DNS-over-TLS with a seamless and intuitive CLI.
  • Privacy-Focused Providers: Choose from trusted DNS providers like Quad9, Mullvad DNS, and NextDNS (more coming soon!).
  • Enhanced Security: DNS-over-TLS is enabled by default for a more secure online experience.

How to Get Started:

  1. Ensure you have systemd-resolved installed on your Linux system.
  2. Download the script from GitHub.
  3. Run the script with sudo to set up your preferred DNS provider.

Your Feedback Matters:

We value your feedback! Share your experience, report issues, or suggest improvements on GitHub Issues. Your insights help us refine and enhance the Privacy DNS Chooser Script.

Spread the Word:

Help us reach more users by sharing the news! Talk about it, share on your favorite forums, and let your community know about the release.

Thank you!

  • _s10e@feddit.de
    11 months ago

    Have you looked into how existing software handles captive portals? I believe both Ubuntu (or Gnome or Network-Manager) and Firefox do check for such portals and detect real internet access. (They simply poll some URL http://detectportal.vendor.com and check for the expected return code. Portals usually redirect.)

    Now I’m thinking, what if this check could trigger a change to the DNS configuration? That is, use DoT when internet is available, otherwise fall back to DHCP-announced DNS.

    • Pantherina@feddit.de
      11 months ago

      That is neat! It is a specific response so it should work.

      #!/bin/bash

      # Function to set insecure DNS
      function insecure-dns() {
        # Already switched: do not overwrite the backup with the modified file
        [ -f /etc/systemd/resolved.conf.bak ] && return 0

        # Backup the original resolved.conf file
        cp /etc/systemd/resolved.conf /etc/systemd/resolved.conf.bak

        # Modify resolved.conf to disable custom DNS, DoT, and DNSSEC
        sed -i 's/^DNS=.*/#DNS=/; s/^Domains=.*/#Domains=/; s/^DNSOverTLS=.*/#DNSOverTLS=/; s/^DNSSEC=.*/#DNSSEC=/' /etc/systemd/resolved.conf

        # Restart systemd-resolved
        systemctl restart systemd-resolved
      }

      # Function to set secure DNS
      function secure-dns() {
        # Nothing to restore: skip the failing mv and the restart on every loop
        [ -f /etc/systemd/resolved.conf.bak ] || return 0

        # Restore the original resolved.conf file
        mv /etc/systemd/resolved.conf.bak /etc/systemd/resolved.conf

        # Restart systemd-resolved
        systemctl restart systemd-resolved
      }

      while true; do
        # captive.test.com is a placeholder probe URL; give up after 5 seconds
        response=$(curl -sI --max-time 5 captive.test.com | head -n 1 | cut -d' ' -f2)

        # As written, a 200 from the probe URL is taken to mean a portal answered
        if [ "$response" == "200" ]; then
          insecure-dns
          xdg-open captive.test.com
          sleep 30
          # something to wait until window is closed, otherwise spam!
        else
          secure-dns
        fi

        sleep 5
      done
      

      This should work. What would be needed is to track the process of the login and only continue when the window is closed again.
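
The probe-and-switch idea discussed in this thread, as an added example that is not part of either comment or of the project: it classifies a `curl -sI` response as online, portal or offline, and toggles a systemd-resolved drop-in only when the state changes. The expected status 204, the `90-dot.conf` drop-in name and the sample responses are assumptions; Quad9 is used because the post names it as a provider.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed: the probe endpoint answers
# EXPECTED_STATUS when nothing intercepts it; the drop-in name is hypothetical.
EXPECTED_STATUS=204
CR=$(printf '\r')

# Constructed sample responses (not captured from a real network).
SAMPLE_ONLINE=$(printf 'HTTP/1.1 204 No Content\r\nContent-Length: 0\r\n\r\n')
SAMPLE_PORTAL=$(printf 'HTTP/1.1 302 Found\r\nLocation: http://portal.example/login\r\n\r\n')

# classify_probe: read raw response headers (the output of `curl -sI URL`)
# on stdin and print one of: online | portal | offline
classify_probe() {
  status="" location=""
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%"$CR"}                 # header lines end in CRLF
    case "$line" in
      HTTP/*)        status=$(printf '%s\n' "$line" | cut -d' ' -f2) ;;
      [Ll]ocation:*) location=${line#*:} ;;
    esac
  done
  if [ -z "$status" ]; then
    echo offline                       # no answer at all
  elif [ "$status" = "$EXPECTED_STATUS" ] && [ -z "$location" ]; then
    echo online
  else
    echo portal                        # redirect or unexpected status
  fi
}

# apply_state STATE DROPIN_DIR: keep a DNS-over-TLS drop-in only while STATE is
# "online". "offline" also falls back, because with strict DoT behind a portal
# the probe host may not resolve at all. Prints changed | unchanged so the
# caller restarts systemd-resolved only on a transition.
apply_state() {
  file="$2/90-dot.conf"
  if [ "$1" = online ]; then
    [ -f "$file" ] && { echo unchanged; return 0; }
    mkdir -p "$2"
    printf '[Resolve]\nDNS=9.9.9.9#dns.quad9.net\nDNSOverTLS=yes\n' > "$file"
  else
    [ -f "$file" ] || { echo unchanged; return 0; }
    rm -f "$file"
  fi
  echo changed
}

# Live use (needs root and network; PROBE_URL is whichever endpoint you trust):
#   state=$(curl -sI --max-time 5 "$PROBE_URL" | classify_probe)
#   [ "$(apply_state "$state" /etc/systemd/resolved.conf.d)" = changed ] && systemctl restart systemd-resolved
```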