Disclaimer : I’m the author of this project.
🚀 Privacy DNS Chooser Script v1.0 “Snow Breeze” Release!
Project source code : https://github.com/rollsicecream/privacy-dns-chooser
Dear Community,
I’m thrilled to announce the official release of the Privacy DNS Chooser Script v1.0, code-named “Snow Breeze”! This marks a significant milestone in my journey to simplify the process of enabling DNS-over-TLS with privacy-focused DNS providers on Linux systems using systemd-resolved.
Key Highlights:
- User-Friendly Setup: Easily configure DNS-over-TLS with a seamless and intuitive CLI Interface
- Privacy-Focused Providers: Choose from trusted DNS providers like Quad9, Mullvad DNS, and NextDNS (more coming soon!)
- Enhanced Security: DNS-over-TLS is enabled by default for a more secure online experience.
How to Get Started:
- Ensure you have systemd-resolved installed on your Linux system.
- Download the script from GitHub.
- Run the script with sudo to set up your preferred DNS provider.
Your Feedback Matters:
We value your feedback! Share your experience, report issues, or suggest improvements on GitHub Issues. Your insights help us refine and enhance the Privacy DNS Chooser Script.
Spread the Word:
Help us reach more users by sharing the news! Talk about it, share on your favorite forums, and let your community know about the release.
Cool!
Have you looked into how existing software handles captive portals. I believe, both Ubuntu (or Gnome or Network-Manager) and Firefox do check for such portals and detect real internet access. (They simple poll some URL http://detectportal.vendor.com and check for the expected return code. Portals usually redirect.)
Now I’m thinking, what if this check could trigger a change to the DNS configuration. That is use DoT when internet is available, otherwise fall back to DHCP announced DNS
That is neat! It is a specific response so it should work.
#!/bin/bash # Function to set insecure DNS function insecure-dns() { # Backup the original resolved.conf file cp /etc/systemd/resolved.conf /etc/systemd/resolved.conf.bak # Modify resolved.conf to disable custom DNS, DoT, and DNSSEC sed -i 's/^DNS=.*/#DNS=/; s/^Domains=.*/#Domains=/; s/^DNSOverTLS=.*/#DNSOverTLS=/; s/^DNSSEC=.*/#DNSSEC=/' /etc/systemd/resolved.conf # Restart systemd-resolved systemctl restart systemd-resolved } # Function to set secure DNS function secure-dns() { # Restore the original resolved.conf file mv /etc/systemd/resolved.conf.bak /etc/systemd/resolved.conf # Restart systemd-resolved systemctl restart systemd-resolved } while true; do response=$(curl -sI captive.test.com | head -n 1 | cut -d' ' -f2) if [ "$response" == "200" ]; then insecure-dns xdg-open captive.test.com sleep 30 # something to wait until window is closed, otherwise spam! else secure-dns fi sleep 5 doneThis should work. What would be needed is to track the process of the login and only continue when the window is closed again.
I have edited the release page for the alpha. I have modified the file to correct a bug and add the deletion of the backup file when the operation is finished and also restart systemd-resolved service.