
Install As Service

Open kathampy opened this issue 6 years ago • 14 comments

Can you add a command line option to install dnsproxy as a service similar to cloudflared?

sudo cloudflared service install

https://github.com/cloudflare/cloudflared/blob/master/cmd/cloudflared/linux_service.go

kathampy avatar Mar 16 '19 17:03 kathampy

Well, that's possible, but I'd prefer to do it the same way we do it in AG Home: https://github.com/AdguardTeam/AdGuardHome/blob/master/service.go

This way it'll be cross-platform and support Win/Linux/MacOS.

ameshkov avatar Mar 18 '19 09:03 ameshkov

The service support in cloudflared is also cross-platform. I just linked to the Linux code for simplicity. Look at the parent directory. It doesn't require external libraries and uses only Go's sys packages even for the Windows service.

kathampy avatar Mar 18 '19 10:03 kathampy

In the meantime you might use the following file for systemd (after creating a dedicated user dnsproxy and placing the build accordingly):

# /etc/systemd/system/dnsproxy.service
[Unit]
Description=dnsproxy
After=syslog.target
After=network.target

[Service]
Restart=always
RestartSec=2s
Type=simple
User=dnsproxy
Group=dnsproxy
WorkingDirectory=/var/lib/dnsproxy

ExecStart=/usr/local/bin/dnsproxy -z \
    -l 127.0.0.1 -p 53 \
    -u https://doh.ffmuc.net/dns-query -u tls://dot.ffmuc.net \
    -f 127.0.0.53:53

CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

krombel avatar Jan 04 '20 01:01 krombel
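
A least-privilege check for a unit like the one posted above, as an added example that is not part of the thread or of the dnsproxy project. The function names `unit_get` and `audit_unit` and the finding labels are hypothetical; `NoNewPrivileges=` and `ProtectSystem=` are standard systemd directives that the posted unit does not set.

```shell
#!/bin/sh
# Assumption: each directive is assigned at most once and no drop-ins are merged.
# Print the value of KEY inside the [Service] section of FILE.
unit_get() {
    awk -v key="$2" '
        /^\[/ { in_svc = ($0 == "[Service]") }
        in_svc && index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
        END { print val }' "$1"
}

# Print one finding per line; return 1 if there is any finding, else 0.
audit_unit() {
    findings=""
    user=$(unit_get "$1" User)
    case "$user" in ""|root|0) findings="$findings runs-as-root" ;; esac
    for key in CapabilityBoundingSet AmbientCapabilities; do
        caps=$(unit_get "$1" "$key")
        # An unset bounding set leaves every capability available to the service.
        [ -z "$caps" ] && [ "$key" = CapabilityBoundingSet ] &&
            findings="$findings unbounded-capabilities"
        for cap in $caps; do
            [ "$cap" = CAP_NET_BIND_SERVICE ] || findings="$findings extra:$cap"
        done
    done
    case "$(unit_get "$1" NoNewPrivileges)" in
        yes|true|on|1) ;; *) findings="$findings no-NoNewPrivileges" ;; esac
    [ -n "$(unit_get "$1" ProtectSystem)" ] || findings="$findings no-ProtectSystem"
    [ -z "$findings" ] && return 0
    printf '%s\n' $findings
    return 1
}

# Constructed sample: user and capability settings copied from the posted unit,
# with a shortened ExecStart line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Unit]
Description=dnsproxy

[Service]
User=dnsproxy
Group=dnsproxy
ExecStart=/usr/local/bin/dnsproxy -l 127.0.0.1 -p 53
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
EOF
audit_unit "$sample" || echo "review the findings above"
rm -f "$sample"
```

The posted unit passes the user and capability checks; the two remaining findings are the optional hardening directives.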

Is it also possible to add a command line option for writing the runtime PID to the PID file?

Cwek avatar Nov 07 '20 14:11 Cwek

Which inits would be supported?

I would be interested in OpenRC support as well, but maybe if a SysVInit script is provided, it would work on any system using OpenRC (Gentoo, Devuan, Alpine which is used in containers a lot), Runit (Dragora GNU/Linux-Libre, Void Linux) or SystemD (Ubuntu, Debian and derivatives) and even legacy SysVInit.

EchedelleLR avatar Mar 03 '21 13:03 EchedelleLR

Is there any temporary workaround to achieve the below for my ASUS Router (in the meantime)?

@ameshkov @joshcangit @krombel

Something similar to AdGuardHome...

I can configure AdGuardHome to run as a service on my ASUS Merlin Router (with Entware).

Example of AdGuard Home

  1. Contents of /opt/etc/init.d/
#!/bin/sh
ENABLED=yes
WORK_DIR=/opt/etc/AdGuardHome
PROCS=AdGuardHome
ARGS="-c $WORK_DIR/AdGuardHome.yaml -w $WORK_DIR --no-check-update -l syslog"
PREARGS="nohup"
PRECMD="killall -9 dnsmasq"
POSTCMD="service restart_dnsmasq"
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export TZ=$(cat /etc/TZ)
. /opt/etc/init.d/rc.func
  2. And then all I need to do is make changes to my dnsmasq conf
port=553
local=/1.168.192.in-addr.arpa/

This makes AdGuardHome the DNS server running on port 53, with my existing dnsmasq still operating on my router (on custom port 553 and only for local queries).


Can I do something similar with dnsproxy?

Or some workaround/hack to utilise it the same way as AdGuardHome?

What I am looking to achieve is...

  • Run dnsproxy as a service and listen on port 53
  • dnsproxy will then forward the queries to different upstream AdGuardHome resolvers (configured in dnsproxy.yaml)
  • existing dnsmasq (of the Asus router) will continue to operate as normal; but listening on port 553 and responding only to local queries.

gspannu avatar Feb 22 '22 16:02 gspannu

Not using dnsmasq but I'm using systemd-resolved. I set this in /etc/systemd/resolved.conf. ....... But before that, I set nameserver 127.0.0.1 to /etc/resolvconf/resolv.conf.d/tail. I didn't even need to remove systemd-resolved or set a different port.

Thanks.

@joshcangit I presume you are running this on Debian/Ubuntu.

My bigger issue is getting dnsproxy to run as a service. How do I get dnsproxy to launch automatically using /opt/etc/init.d .... this is the crux of my issue.

gspannu avatar Feb 23 '22 15:02 gspannu

Yes indeed, I'm using Ubuntu. Sorry, I assumed this would work the same on your setup. As far as I can tell, I'm only guessing as to how it would work. I just read the README.md to use the command with arguments inside a systemd.service file. So maybe the configuration could be this?

#!/bin/sh
ENABLED=yes
WORK_DIR=/opt/etc/AdguardTeam
PROCS=dnsproxy
ARGS="-l 127.0.0.1 -l ::1 -u quic://dns.futuredns.me -u quic://doh.tiar.app -f https://anycast.dns.nextdns.io/dns-query -f https://doh.dns.sb/dns-query -b 80.80.80.80:53 -b 80.80.81.81:53 --all-servers"
PREARGS="nohup"
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export TZ=$(cat /etc/TZ)
. /opt/etc/init.d/rc.func

Forgive me, I didn't know about Entware. I'll also guess you may not need to use different ports. It can still be port 53, but maybe dnsmasq and dnsproxy clash on Entware?

joshcangit avatar Feb 23 '22 18:02 joshcangit

quic://doh3.dns.nextdns.io

Old thread, but noticed you are using DoH3 to NextDNS in the config. Can DNSproxy already do DoH3 to upstream servers?! Is it only acting as its own DoH3-server that's missing in DNSproxy?

iJorgen avatar Aug 05 '22 09:08 iJorgen

Oh, I forgot about what I said in #234. It works if and only if the QUIC port is 853. I know NextDNS uses 8853, AdGuard uses 784 and Dandelion Sprout 48582, so those can't ever be used. I wasn't aware of dnsproxy using the fallback DNS addresses. I think quic://dns.futuredns.me and quic://doh.tiar.app should work.

joshcangit avatar Aug 13 '22 16:08 joshcangit