Sun 23 Jun 2019 07:39:35 AM EDT

Slept from ten-thirty to seven.
Woke briefly around three.

High of eighty-two and mostly sunny today.

Thirty-minute walk in the morning.

Thinking about changing my home LAN privacy measures.
Have Nanook just run dnsmasq (with pi-hole-like lists for ad blocking) and dnscrypt-proxy to 1.1.1.1?

Goals:

- Play with dnsmasq and dnscrypt-proxy
  Done.
- D&D stuff

Watched Return to the 36th Chamber on Prime.
Excellent — better than the first one.
LOL at the rooftop kung fu vs little bench kung fu.

Changed towels.

Ten-minute walk in the afternoon.

https://paulgorman.org/technical/dnsmasq-dnscrypt-proxy-privacy.txt.html

Yes, dnsmasq with dnscrypt uses a tenth of the memory of Unbound, and I trust Cloudflare slightly more than my VPN provider.
The difference is so dramatic, I wonder if my Unbound configuration is badly stupid.
It's like:

```
local-zone: "example.com" redirect
local-data: "example.com A 127.0.0.1"
local-zone: "example.org" redirect
local-data: "example.org A 127.0.0.1"
```

A clue, maybe, from the Unbound example config comments:

> If you configure local-data without specifying local-zone, by default a transparent local-zone is created for the data.

Anyhow, the changes on Nanook:

```
--- nanook ~ % sudo apt update
--- nanook ~ % mv ~/bin/make_dns_blacklist.sh ~/bin/OLD-make_dns_blacklist.sh
--- bava ~ % scp june/update-dns-bl nanook:~/bin/
--- bava ~ % scp /etc/dns-bl nanook:~/tmp/
--- bava ~ % scp /etc/dnsmasq.conf nanook:~/tmp/
--- bava ~ % scp /etc/systemd/system/sockets.target.wants/dnscrypt-proxy.socket nanook:~/tmp/
--- nanook ~ % sudo cp ~/tmp/dns-bl /etc/
--- nanook ~ % sudo crontab -l
@monthly /home/paulgorman/bin/make_dns_blacklist.sh
@weekly /home/paulgorman/bin/backup.sh
--- nanook ~ % sudo crontab -e
--- nanook ~ % sudo crontab -l
@weekly /home/paulgorman/bin/update-dns-bl
@weekly /home/paulgorman/bin/backup.sh
--- nanook ~ % sudo apt install dnsmasq dnscrypt-proxy
--- nanook ~ % sudo cp ~/tmp/dnscrypt-proxy.socket /etc/systemd/system/sockets.target.wants/
--- nanook ~ % sudo cp ~/tmp/dnsmasq.conf /etc/
--- nanook ~ % sudo systemctl daemon-reload
--- nanook ~ % sudo systemctl stop unbound.service
--- nanook ~ % sudo systemctl disable unbound.service
--- nanook ~ % sudo systemctl stop vpn.service
--- nanook ~ % sudo systemctl disable vpn.service
Removed /etc/systemd/system/multi-user.target.wants/vpn.service.
--- nanook ~ % sudo systemctl stop systemd-resolved.service
--- nanook ~ % sudo systemctl disable systemd-resolved.service
--- nanook ~ % sudo systemctl enable dnsmasq
--- nanook ~ % sudo systemctl enable dnscrypt-proxy
--- nanook ~ % sudo systemctl restart dnscrypt-proxy
--- nanook ~ % sudo systemctl start dnsmasq
```

Happy enough with dnsmasq + dnscrypt-proxy that I canceled recurring payments for my VPN.

Started playing Donut County on the Switch.

Servings: grains 7/6, fruit 3/4, vegetables 2/4, dairy 4/2, meat 3/3, nuts 0/0.5

Brunch: egg and tomato sandwich, banana, pineapple, cucumber
Afternoon snack: orange
Dinner: Indian

118/70