Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Suggestion: simplify setup-dns #221

Closed
balupton opened this issue Apr 23, 2024 · 3 comments · Fixed by #251
Closed

Suggestion: simplify setup-dns #221

balupton opened this issue Apr 23, 2024 · 3 comments · Fixed by #251
Assignees
@balupton
Labels
enhancement Improvement or suggestion
Milestone
Share Launch

Comments

@balupton
Copy link
Member

Two things have happened since setup-dns was written:

  1. Cloudflared now has a simpler setup, allowing cloud-based configuration, which is far easier that the current manual way of managing tunnels via complex configuration files and auth flow
  2. The setup-util* convention has happened

As such, this proposal contains:

  1. Moving out adguard home, cloudflared, and whatever else into setup-util-* commands
  2. Stripping cloudflared of the complexity and just supporting cloud based configuration
@balupton balupton added the enhancement Improvement or suggestion label Apr 23, 2024
@balupton balupton added this to the Share Launch milestone Apr 23, 2024
@balupton balupton self-assigned this Apr 23, 2024
@balupton
Copy link
Member Author

balupton commented Aug 8, 2024
edited
Loading

Dropping openDNS as they seem to have 3 different filtering tiers, security filtering by default, unfiltered for ipv6, and then family shield, however, they do not provide comprehensive details on what each of these support:


  "opendns-unfiltered": {
    "url": "https://support.opendns.com/hc/en-us/articles/227986667-Does-OpenDNS-Support-IPv6",
    "comment": "Recursive IPv6 DNS resolution and security filtering for IPv6 traffic",
    "ipv4_servers": [
      "208.67.222.222",
      "208.67.220.220"
    ],
    "ipv6_servers": [
      "2620:119:35::35",
      "2620:119:53::53"
    ]
  },
  "opendns-unfiltered": {
    "url": "https://support.opendns.com/hc/en-us/articles/227986667-Does-OpenDNS-Support-IPv6",
    "comment": "RFC-compliant DNS service that does not provide any level of filtering",
    "ipv4_servers": [
      "208.67.222.222",
      "208.67.220.220"
    ],
    "ipv6_servers": [
      "2620:0:ccc::2",
      "2620:0:ccd::2"
    ]
  },

until their docs improve, bye bye, they need to learn from quad9: https://www.quad9.net/service/service-addresses-and-features/

@balupton balupton mentioned this issue Aug 8, 2024
Open
@balupton
Copy link
Member Author

balupton commented Aug 8, 2024
edited
Loading

Cloudflared is now entirely focused on their tunnel service which is now configured via the cloud, and their dns service is now handled via their cloudflare warp client rather than the cloudflared proxy-dns custom service; as such I will be deprecating the existing handling of cloudflared, removing the proxy-dns service, and leaving it as only a tool for cloudflared tunnel cloud configs.

I will look into their cloudflare-warp client, but from memory it does not support linux arm so perhaps I'll leave it up to someone else.

This all said, the custom services for encrypted dns were written in a time when there was not native encrypted dns support. Now all modern operating systems implement native support for encrypted dns, so setup-dns can be dramatically simplified.

In which I'll probably only keep support for the custom services of dnscrypt and adguard home. With everything else being for others to handle, as code and sanity is best when those maintaining it maintain only extant code.

Personally, I'm tempted to also deprecate dnscrypt as it is antiquated, however it is still
popular and it will live forever it seems.

If anyone objects, let me know within the next couple of days.

@balupton balupton mentioned this issue Sep 16, 2024
Open
balupton added a commit that referenced this issue Sep 17, 2024
@balupton
WIP: initial work to simplify setup-dns
e124350 
/ref #221
@balupton balupton mentioned this issue Sep 17, 2024
Merged
balupton added a commit to balupton/dotfiles that referenced this issue Sep 18, 2024
@balupton
add test-fetch-dns to experiment with setup-dns rework
eceb788 
/ref bevry/dorothy#221
balupton added a commit that referenced this issue Sep 20, 2024
@balupton
WIP: initial work to simplify setup-dns
2e38cec 
/ref #221
balupton added a commit that referenced this issue Sep 23, 2024
@balupton
WIP: initial work to simplify setup-dns
53f483e 
/ref #221
balupton added a commit that referenced this issue Sep 23, 2024
@balupton
WIP: initial work to simplify setup-dns
ad51e12 
/ref #221
balupton added a commit that referenced this issue Sep 26, 2024
@balupton
WIP: setup-dns now functional again
03c8de4 
/ref #221

- `dorothy-workflow.yml`: add latest images
- `echo-mkdirp`: support quiet
- `setup-dns`: made mono-function again, and cleaned up code
- `setup-environment-commands`: add `STATE_DIR`
- `setup-util`: add `--installed` and `--uninstalled` aliases
- `setup-util-(adguard-home|cloudflared|dnscrypt-proxy)`: now just aliases for `setup-dns`
- `setup-util-plex` renamed to `setup-util-plex-media-server`
- `dns.json` move `about` before `url`, and remove `local` as that is a programmatic provider
@balupton
Copy link
Member Author

Except for testing on Linux and a few trivial things for tidying it up, this is done locally.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@balupton balupton

Labels
enhancement Improvement or suggestion
Milestone
Share Launch
Development

Successfully merging a pull request may close this issue.

setup-dns: update for latest ecosystem and convention changes bevry/dorothy
1 participant
@balupton