Code Chronicles

Menu

Menu

  • Blog
  • Feed
  • Register
  • Log in

Categories

  • DNS
  • CMS

Pages

  • Welcome to innovation.ekvastra!

Recent Posts

  • Setting Up DNSCrypt-Proxy…
  • Building a Modern, Privacy…
  • My Journey with HTMLy, Bludit…

Archive

  • December 2025
  • October 2025
  • September 2024

December 2025

  • Setting Up DNSCrypt…

    In today's digital landscape, protecting your online privacy starts with securing your DNS queries. While you browse websites, your device constantly translates domain names into IP addresses through DNS requests—and by default, these requests travel in plaintext, making them vulnerable to eavesdropping and manipulation. Enter dnscrypt-proxy, a powerful tool that encrypts your DNS traffic and shields your browsing habits from prying eyes. Why DNSCrypt-Proxy Matters Traditional DNS queries are like sending postcards through the mail—anyone handling them can read the contents. DNSCrypt-proxy wraps these queries in encryption, supporting modern protocols like DNS-over-HTTPS (DoH) and DNSCrypt, effectively turning those postcards into sealed envelopes. Key Benefits: Enhanced Privacy: Your DNS queries remain hidden from ISPs and network administrators Security: Protection against man-in-the-middle attacks and DNS spoofing Flexibility: Support for multiple encrypted DNS protocols…

    Permanent link to “Setting Up DNSCrypt-Proxy: Your Gateway to Secure DNS”

October 2025

  • Building a Modern…

    Over several months, we evolved from a simple DNS forwarder into a sophisticated, public-facing Unbound DNS setup with DoT/DoH, dnscrypt-proxy integration, EDNS tuning, and OISD blocklists. This post distills that journey into a practical guide: not just how to configure Unbound, but why we made each choice and what actually mattered. Why Unbound? We needed a fast, privacy-respecting, locally-controlled DNS resolver on FreeBSD/Ubuntu that could serve Android Private DNS clients and integrate with privacy providers like AdGuard and NextDNS.[1][2][39] After testing dnscrypt-proxy + HAProxy and Caddy + Unbound, we found Unbound as the core was the best fit because it: Acts as a validating resolver, forwarder, and cache in one.[39] Supports native DoT/DoH when compiled properly.[11][17] Integrates seamlessly with dnscrypt-proxy for upstream privacy.[12][30][35] Getting Basics Right: Forwarding Only Since we forward to privacy providers rather than run full recursion, we simplified Unbound…

    Permanent link to “Building a Modern, Privacy-First Home DNS with Unbound”
Archive of 2024