anarres - ANti Authoritarian Recursive RESolver

2022-03-18 17:39:28 +01:00 · 2022-03-18 17:39:28 +01:00 · aaa63c6b8b
commit aaa63c6b8b
parent ff480248a6
5 changed files with 73 additions and 0 deletions
--- a/Network/README.md
+++ b/Network/README.md
@ -5,3 +5,45 @@
 ## [TCP investigation](https://git.lattuga.net/netico/code-library/src/master/Network/Investigation)

 In the [Investigation](https://git.lattuga.net/netico/code-library/src/master/Network/Investigation) folder you can find a **bash** script to analyze **active TCP connections** on a **GNU/Linux** system.
+
+## [anarres](anarres): **AN**ti **A**uthoritarian **R**ecursive **RES**olver
+
+### How to avoid censorship at the DNS level?
+
+[**Tor**](https://www.torproject.org/) provides a built-in **DNS forwarder**.
+
+This is a minimal **Docker** container that uses a local caching DNS server ([**dnsmasq**](https://dnsmasq.org)) which will compensate for **TorDNS** being a little slower than traditional DNS servers.
+
+### Usage
+
+Build it using:
+
+    docker build --pull --rm -f Dockerfile -t anarres:latest .
+
+Run it using:
+
+    docker run --rm -d -p 53:53/udp anarres:latest
+
+Test it using:
+
+    dig @127.0.0.1 cr.yp.to
+
+Expected output:
+
+    ; <<>> DiG 9.11.5-P4-5.1+deb10u6-Debian <<>> @127.0.0.1 cr.yp.to
+    ; (1 server found)
+    ;; global options: +cmd
+    ;; Got answer:
+    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35649
+    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
+
+    ;; QUESTION SECTION:
+    ;cr.yp.to. IN A
+
+    ;; ANSWER SECTION:
+    cr.yp.to. 3600 IN A 131.193.32.109
+
+    ;; Query time: 278 msec
+    ;; SERVER: 127.0.0.1#53(127.0.0.1)
+    ;; WHEN: Fri Mar 18 17:13:00 CET 2022
+    ;; MSG SIZE  rcvd: 42
--- a/Network/anarres/Dockerfile
+++ b/Network/anarres/Dockerfile
@ -0,0 +1,11 @@
+FROM alpine:3.15
+RUN apk -U upgrade && \ 
+  apk add --no-cache bash && \
+  apk add --no-cache sudo && \
+  apk add --no-cache tor && \
+  apk add --no-cache dnsmasq
+COPY ./torrc.config /anarres/
+COPY ./dnsmasq.config /anarres/
+COPY ./start.sh /anarres/
+ENTRYPOINT [ "/anarres/start.sh" ] 
+EXPOSE 53/udp
--- a/Network/anarres/dnsmasq.config
+++ b/Network/anarres/dnsmasq.config
@ -0,0 +1,5 @@
+# Configuration file for dnsmasq.
+
+port=53
+no-resolv
+server=127.0.0.1#5353
--- a/Network/anarres/start.sh
+++ b/Network/anarres/start.sh
@ -0,0 +1,9 @@
+#!/bin/bash
+
+# On Docker for Linux, the IP address of the gateway between
+# the Docker host and the bridge network is 172.17.0.1
+# if you are using default networking
+IPADDRESS=$(ip -4 -o address | grep eth0 | cut -d/ -f1 | awk {'print $4'})
+
+sudo -u tor tor -f /anarres/torrc.config &
+dnsmasq --conf-file=/anarres/dnsmasq.config --listen-address=$IPADDRESS --no-daemon
--- a/Network/anarres/torrc.config
+++ b/Network/anarres/torrc.config
@ -0,0 +1,6 @@
+# Tor
+
+SOCKSPort 0
+DataDirectory /var/lib/tor
+DNSPort 5353
+AutomapHostsOnResolve 1