Disclaimer : I’m the author of this project.
🚀 Privacy DNS Chooser Script v1.0 “Snow Breeze” Release!
Project source code : https://github.com/rollsicecream/privacy-dns-chooser
Dear Community,
I’m thrilled to announce the official release of the Privacy DNS Chooser Script v1.0, code-named “Snow Breeze”! This marks a significant milestone in my journey to simplify the process of enabling DNS-over-TLS with privacy-focused DNS providers on Linux systems using systemd-resolved.
Key Highlights:
- User-Friendly Setup: Easily configure DNS-over-TLS with a seamless and intuitive CLI Interface
- Privacy-Focused Providers: Choose from trusted DNS providers like Quad9, Mullvad DNS, and NextDNS (more coming soon!)
- Enhanced Security: DNS-over-TLS is enabled by default for a more secure online experience.
How to Get Started:
- Ensure you have systemd-resolved installed on your Linux system.
- Download the script from GitHub.
- Run the script with sudo to set up your preferred DNS provider.
Your Feedback Matters:
We value your feedback! Share your experience, report issues, or suggest improvements on GitHub Issues. Your insights help us refine and enhance the Privacy DNS Chooser Script.
Spread the Word:
Help us reach more users by sharing the news! Talk about it, share on your favorite forums, and let your community know about the release.
Ok. I will see that! If you have a GitHub account, you can make an issue right now, so tracking the issue would be better for me. Or I could do that myself.
Edit : I have made a prototype that I could release soon as an alpha. When it gets released, your goal is to test in a place where captive portals are present. Sadly, the script won’t be automatic but requires user interaction.
Edit 2 : it is now available as alpha on the releases page.
Cool!
Have you looked into how existing software handles captive portals? I believe both Ubuntu (or Gnome or Network-Manager) and Firefox do check for such portals and detect real internet access. (They simply poll some URL http://detectportal.vendor.com and check for the expected return code. Portals usually redirect.)
Now I’m thinking, what if this check could trigger a change to the DNS configuration? That is, use DoT when internet is available, otherwise fall back to DHCP announced DNS.
That is neat! It is a specific response so it should work.
```bash
#!/bin/bash

# Function to set insecure DNS
function insecure-dns() {
    # Already in insecure mode: keep the existing backup of the secure config
    [ -f /etc/systemd/resolved.conf.bak ] && return
    # Backup the original resolved.conf file
    cp /etc/systemd/resolved.conf /etc/systemd/resolved.conf.bak
    # Modify resolved.conf to disable custom DNS, DoT, and DNSSEC
    sed -i 's/^DNS=.*/#DNS=/; s/^Domains=.*/#Domains=/; s/^DNSOverTLS=.*/#DNSOverTLS=/; s/^DNSSEC=.*/#DNSSEC=/' /etc/systemd/resolved.conf
    # Restart systemd-resolved
    systemctl restart systemd-resolved
}

# Function to set secure DNS
function secure-dns() {
    # Nothing to restore unless insecure-dns made a backup
    [ -f /etc/systemd/resolved.conf.bak ] || return
    # Restore the original resolved.conf file
    mv /etc/systemd/resolved.conf.bak /etc/systemd/resolved.conf
    # Restart systemd-resolved
    systemctl restart systemd-resolved
}

while true; do
    response=$(curl -sI captive.test.com | head -n 1 | cut -d' ' -f2)
    if [ "$response" == "200" ]; then
        insecure-dns
        xdg-open captive.test.com
        sleep 30 # something to wait until window is closed, otherwise spam!
    else
        secure-dns
    fi
    sleep 5
done
```
This should work. What would be needed is to track the process of the login and only continue when the window is closed again.
I have edited the release page for the alpha. I have modified the file to correct a bug and add the deletion of the backup file when the operation is finished and also restart systemd-resolved service.
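The portal check discussed in this thread, as an added example that is not part of the thread or the project's script: it treats only the exact expected reply as "internet available" and changes the systemd-resolved configuration on state transitions only. The probe URL is the thread's placeholder; `EXPECTED_STATUS`, the drop-in file name, the `--watch` switch and keeping the DoT settings in a drop-in under `resolved.conf.d` are assumptions.

```shell
#!/bin/bash
# Added example (not the project's script). PROBE_URL, EXPECTED_STATUS and the
# drop-in file name are assumptions; the DNS= line uses Quad9 as one provider.
PROBE_URL="http://detectportal.vendor.com"   # placeholder URL from the thread
EXPECTED_STATUS=204                          # assumed reply when nothing intercepts
DROPIN_DIR="${DROPIN_DIR:-/etc/systemd/resolved.conf.d}"
DROPIN="$DROPIN_DIR/50-privacy-dot.conf"     # hypothetical drop-in name
RESTART_CMD="${RESTART_CMD:-systemctl restart systemd-resolved}"

# classify_probe STATUS REDIRECT_URL -> prints online | portal | offline
classify_probe() {
    if [ -z "$1" ] || [ "$1" = "000" ]; then
        echo offline        # curl got no HTTP answer (000 is its "no response")
    elif [ "$1" = "$EXPECTED_STATUS" ] && [ -z "$2" ]; then
        echo online         # exactly the expected reply, no redirect
    else
        echo portal         # redirected or rewritten reply
    fi
}

# apply_state STATE -> returns 0 if the config changed, 1 if left alone,
# so systemd-resolved is restarted only on a transition, not on every poll.
apply_state() {
    case "$1" in
        online)             # enable DoT through a drop-in
            [ -f "$DROPIN" ] && return 1
            mkdir -p "$DROPIN_DIR"
            printf '[Resolve]\nDNS=9.9.9.9#dns.quad9.net\nDNSOverTLS=yes\n' > "$DROPIN"
            ;;
        *)                  # portal or offline: back to the DHCP-announced DNS
            [ -f "$DROPIN" ] || return 1
            rm -f "$DROPIN"
            ;;
    esac
    $RESTART_CMD
}

watch_portal() {
    local out
    while true; do
        out=$(curl -s -o /dev/null -m 5 -w '%{http_code} %{redirect_url}' "$PROBE_URL")
        apply_state "$(classify_probe "${out%% *}" "${out#* }")" || true
        sleep 5
    done
}

if [ "${1:-}" = "--watch" ]; then watch_portal; fi
```

Because a failed probe also drops back to the DHCP-announced DNS, any network that blocks DoT (port 853) pushes the resolver to plaintext DNS, so each transition is worth logging or showing to the user.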