disable relaying

forum.syncthing.net/t/can-syncthing-be-totally-private/10037/3
In a normal configuration, Syncthing will always connect to relays, as it cannot know whether other devices need them and will connect to it through them.
To be totally private (to the extreme), disable relay and global/local discovery, set the listening address to something explicit, like tcp://:22000, instead of the default, and set the addresses of the remote devices to their hostname/IP address and port (like tcp://192.168.01.45:22001) instead of dynamic. And disable usage reporting and auto upgrade (if you really want).
Then the only connections Syncthing will ever make are direct connections to the other Syncthing devices.
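
The settings listed in the post above can be checked against Syncthing's config.xml. The following is an added example, not part of the forum post or of Syncthing itself; the sample configuration, device ID and device name are constructed, and the function name audit is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample config.xml fragment with out-of-the-box style values.
SAMPLE_DEFAULT = """<configuration>
  <device id="DEVICE-ID-PLACEHOLDER" name="laptop">
    <address>dynamic</address>
  </device>
  <options>
    <listenAddress>default</listenAddress>
    <globalAnnounceEnabled>true</globalAnnounceEnabled>
    <localAnnounceEnabled>true</localAnnounceEnabled>
    <relaysEnabled>true</relaysEnabled>
    <urAccepted>0</urAccepted>
    <autoUpgradeIntervalH>12</autoUpgradeIntervalH>
  </options>
</configuration>"""

# Option element -> value that matches the "direct connections only" setup.
WANTED = {
    "globalAnnounceEnabled": "false",  # global discovery off
    "localAnnounceEnabled": "false",   # local discovery off
    "relaysEnabled": "false",          # no relay connections
    "urAccepted": "-1",                # usage reporting declined
    "autoUpgradeIntervalH": "0",       # automatic upgrade checks off
}

def audit(xml_text):
    """Return a list of findings; an empty list means direct-only."""
    root = ET.fromstring(xml_text)
    opts = root.find("options")
    if opts is None:
        return ["no <options> element found"]
    findings = []
    for name, wanted in WANTED.items():
        value = (opts.findtext(name) or "<unset>").strip()
        if value != wanted:
            findings.append(f"options/{name} is {value}, want {wanted}")
    listen = [(e.text or "").strip() for e in opts.findall("listenAddress")]
    # "default" includes a dynamic relay listener; relay:// is a relay listener too.
    if not listen or any(a in ("", "default") or a.startswith(("relay://", "dynamic+")) for a in listen):
        findings.append(f"listenAddress {listen} is not an explicit direct address")
    for dev in root.findall("device"):
        addrs = [(a.text or "").strip() for a in dev.findall("address")]
        if not addrs or "dynamic" in addrs:
            findings.append(f"device {dev.get('name')} uses dynamic addressing")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_DEFAULT):
        print(finding)
```

Run it against a copy of your own config.xml by passing the file's text to audit(); every line it returns is a setting that still allows relay, discovery, reporting or upgrade traffic.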

stubby for DNS privacy

www.linuxbabe.com/ubuntu/ubuntu-stubby-dns-over-tls
However: set 127.0.1.1 in NetworkManager, because NetworkManager uses dnsmasq, which listens for requests on 127.0.1.1.
Check with:
$ ps auxw | grep dnsmasq
nobody 7781 0.0 0.0 60192 3720 ? S Sep11 0:00 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/run/NetworkManager/dnsmasq.pid --listen-address=127.0.1.1 --cache-size=0 --clear-on-reload --conf-file=/dev/null --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d