SmartDNS Proxy to hide your GeoLocation. Based on DnsDist and nginx
Please note replacing sniproxy with nginx resulted in a breaking change. nginx is listening on port 8080 (before 80) and 8443 (before 443). Ensure you update your docker configuration accordingly!
You will need a VPS or a Root Server where you can install Docker (or Docker is already installed).
## run this in your terminal or use your webbrowser
curl https://ifconfig.co
For this example lets assume your public ip (of your client) is 10.111.123.7
Since version v1.0.8
you can also use DynDNS. In this case just use your DynDNS domain eg. myDynDNSDomain.no-ip.com
curl https://ifconfig.co
For this example lets assume your public ip (of your server) is 10.111.123.8
docker run -d --name snidust -e ALLOWED_CLIENTS="127.0.0.1, 10.111.123.7, myDynDNSDomain.no-ip.com" -e EXTERNAL_IP=10.111.123.8 -p 443:8443 -p 80:8080 -p 53:5300/udp ghcr.io/seji64/snidust:1.0.15
Or if you use docker compose:
version: '3.3'
services:
snidust:
container_name: snidust
environment:
- TZ=Europe/Berlin
- 'ALLOWED_CLIENTS=127.0.0.1, 10.111.123.7, myDynDNSDomain.no-ip.com'
- 'EXTERNAL_IP=10.111.123.8'
- SPOOF_ALL_DOMAINS=false # Set to true (case sensitive!) if you want to spoof ALL domains.
# - 'DYNDNS_CRON_SCHEDULE=*/1 * * * *' # Example for specifing a custom cron interval for dynDNS Update. Default is '*/15 * * * *'
ports:
- 443:8443
- 80:8080
- 53:5300/udp
image: 'ghcr.io/seji64/snidust:1.0.15'
docker logs snidust
The logs should look something like this:
...
Webserver launched on 127.0.0.1:8083
Marking downstream 1.0.0.1:443 as 'up'
Marking downstream dns.google (8.8.8.8:853) as 'up'
Marking downstream dns.google (8.8.4.4:853) as 'up'
Marking downstream 1.1.1.1:443 as 'up'
Polled security status of version 1.7.1 at startup, no known issues reported: OK
Change your network settings and set the DNS Server as 10.111.123.8 (PUBLIC_VPS_IP)
Your GeoLaction should now hidden :-)
In this case, you are either running another service (like Pi-Hole) that already uses this Port or you likely use a Linux distribution that uses Systemd.
In case Systemd is already using port 53 you can follow this Guide to free up this port.
For examples how to use an setup DoT see docker-compose.dot.yml
and docker-compose.acme.sh-dot.yml
If do not want use the default domain lists of this repo, you can disable this by setting the environment variable INSTALL_DEFAULT_DOMAINS
to false
.
The default is the following:
Generate a warning if we detect a query rate above 800 qps *(Query per second)* for at least 60s.
If the query rate rises above 1000 qps for 60 seconds, we'll block the client for 360s.
To customize this behavior you can use the following environment variables:
DNSDIST_RATE_LIMIT_WARN (default: 800)
DNSDIST_RATE_LIMIT_BLOCK (default: 1000)
DNSDIST_RATE_LIMIT_BLOCK_DURATION (default: 360)
DNSDIST_RATE_LIMIT_EVAL_WINDOW (default: 60)
If you want to disable Rate Limiting completely set DNSDIST_RATE_LIMIT_DISABLE
to true
By default, SniDust is using Cloudflare's and Google's DNS Servers as Upstream. To use your own/custom upstream DNS Server you have to do the following:
newServer({address="192.0.2.1", name="custom1", pool="customUpstream"})
newServer({address="192.0.2.2", name="custom2", pool="customUpstream"})
pool
and it is NOT named upstream
(this name is already used by sniDust itself)DNSDIST_UPSTREAM_POOL_NAME
to your pool name (here: customUpstream
)99-customUpstream.conf
...
volumes:
- ~/99-customUpstream.conf:/etc/dnsdist/conf.d/99-customUpstream.conf
...
In case you want to add custom domains which not included by default, this can be done easily.
Create a file with the name 99-custom.lst
. Insert all your custom domains in this file.
docker run --name snidust -e ALLOWED_CLIENTS="127.0.0.1, 10.111.123.7" -e EXTERNAL_IP=10.111.123.8 -p 443:8443 -p 80:8080 -p 53:5300/udp -v ~/99-custom.lst:/etc/snidust/domains.d/99-custom.lst:ro ghcr.io/seji64/snidust:main
Or if you use docker-compose:
version: '3.3'
services:
snidust:
container_name: snidust
environment:
- 'ALLOWED_CLIENTS=127.0.0.1, 10.111.123.7'
- EXTERNAL_IP=10.111.123.8
ports:
- '443:8443'
- '80:8080'
- '53:5300/udp'
volumes:
- '~/99-custom.lst:/etc/snidust/domains.d/99-custom.lst:ro'
image: 'ghcr.io/seji64/snidust:1.0.15'
If you don't want to maintain a list of domains and you just want to spoof everything set SPOOF_ALL_DOMAINS
to true
WARNING:: As a result, the COMPLETE traffic runs through your VPS - this is not the optimal use of SniDust. Only the traffic needed to cloak the GeoLocation should flow through SniDust
version: '3.3'
services:
snidust:
container_name: snidust
environment:
- 'ALLOWED_CLIENTS=127.0.0.1, 10.111.123.7'
- EXTERNAL_IP=10.111.123.8
- SPOOF_ALL_DOMAINS=true
...
In case you want to have dynamic ALLOWED_CLIENTS ACL change your docker compose file to this:
version: '3.3'
services:
snidust:
container_name: snidust
environment:
- 'ALLOWED_CLIENTS_FILE=/tmp/myacls.acl'
- EXTERNAL_IP=10.111.123.8
ports:
- '443:8443'
- '80:8080'
- '53:5300/udp'
volumes:
- '~/myacls.acl:/tmp/myacls.acl:ro'
image: 'ghcr.io/seji64/snidust:1.0.15'
Then you can reload your ACLs by querying a specific DNS name:
# Assuming 10.11.123.8 is the IP of your Server where snidust runs
dig @10.111.123.8 reload.acl.snidust.local
You should see in the logs (docker logs snidust
) snidust has reloaded your ACLs
[SniDust] *** Reloading ACL... ***
...
[SniDust] *** ACL reload complete! ***
In case you added custom domains like the above, update the 99-custom.lst
file but don't want to restart your SniDust container each time, you can reload all domains with a custom DNS question.
# Assuming 10.11.123.8 is the IP of your Server where snidust runs
dig @10.111.123.8 reload.domainlist.snidust.local
You should see in the logs (docker logs snidust
) snidust has reloaded your domain
[SniDust] Reloading domain lists...
...
[SniDust] *** End of Domain List ***
[SniDust] Domain Lists reloaded!
Based on the following projects: