Magan is a DNS over HTTPS (DoH) server.
DNS dates back to the gentler days of the Internet, when clear-text transmissions were considered quite OK. These days, users are increasingly aware of the need to encrypt their traffic, including DNS.
Magan handles your incoming DNS requests and retrieves appropriate responses from Google Public DNS over HTTPS - thereby encrypting your otherwise clear-text DNS traffic.
The C version is recommended; also available are the Go and Python3 variants.
A few pre-built binaries for Linux and Windows are available here.
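The forwarding step described above, as an added example that is not Magan's own code: it validates the question section of an incoming UDP DNS query and builds the matching request URL for the Google Public DNS JSON API. That Magan's upstream is the https://dns.google/resolve endpoint is an assumption, and the helper name dns_query_to_doh_url and the sample packet are constructed for this illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DOH_BASE "https://dns.google/resolve" /* assumed upstream endpoint */

/* Constructed sample: query for example.com, type A, class IN. */
static const uint8_t sample_query[] = {
    0x12, 0x34, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0,            /* header */
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0, /* QNAME */
    0, 1, 0, 1                                                 /* QTYPE, QCLASS */
};

/* Hypothetical helper: 0 and a URL on success, -1 on a malformed query. */
int dns_query_to_doh_url(const uint8_t *pkt, size_t len, char *url, size_t urlsz)
{
    char name[256];
    size_t off = 12, n = 0;                          /* 12-byte DNS header */
    if (len < 17 || (pkt[2] & 0x80)) return -1;      /* too short, or a response */
    if (((pkt[4] << 8) | pkt[5]) != 1) return -1;    /* exactly one question */
    for (;;) {
        if (off >= len) return -1;                   /* name runs off the packet */
        uint8_t l = pkt[off++];
        if (l == 0) break;                           /* root label ends the name */
        if (l > 63) return -1;                       /* pointer or reserved label type */
        if (off + l > len || n + l + 1 >= sizeof name) return -1;
        for (uint8_t i = 0; i < l; i++) {
            uint8_t c = pkt[off++];
            /* hostname characters only, so the URL needs no escaping */
            if (!isalnum(c) && c != '-' && c != '_') return -1;
            name[n++] = (char)c;
        }
        name[n++] = '.';
    }
    if (n == 0 || off + 4 > len) return -1;          /* empty name or no QTYPE/QCLASS */
    name[n] = '\0';
    unsigned qtype = (pkt[off] << 8) | pkt[off + 1];
    if (((pkt[off + 2] << 8) | pkt[off + 3]) != 1) return -1;  /* class IN only */
    int w = snprintf(url, urlsz, DOH_BASE "?name=%s&type=%u", name, qtype);
    return (w < 0 || (size_t)w >= urlsz) ? -1 : 0;
}

int main(void)
{
    char url[512];
    if (dns_query_to_doh_url(sample_query, sizeof sample_query, url, sizeof url) == 0)
        puts(url);
    return 0;
}
```

Rejecting length bytes above 63 keeps compression pointers out of the question section, and the character allow-list means client-supplied bytes never reach the upstream URL unescaped.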
For the C version, we need libcurl4-openssl-dev and libjson-c, usually installed on Debian thusly:
$ sudo apt install libjson-c libcurl4-openssl-dev
Once all the pre-requisites are met, compile magan as:
$ gcc magan.c -pthread -lcurl -ljson-c -o magan-$(uname -m)
(Also see make.sh.)
For the Python3 variant, we need the latest scapy:
$ pip3 install scapy
and then:
$ ./magan.py -h
Usage:
  -h --help      print this usage and exit
  -p --port      alternate port to listen
  -v --version   print version information and exit

$ ./magan --help
Usage: ./magan [options]
  -h --help      print this usage and exit
  -p --port      alternate port to listen
  -v --version   print version information and exit
You don't need root privileges if you are using a port > 1024:
$ ./magan-armv7l -p 3131
Thu Apr 4 19:34:48 2019 Magan[26795]: Magan/1.2
Thu Apr 4 19:34:48 2019 Magan[26795]: Listening on port: 3131
Thu Apr 4 19:34:48 2019 Magan[26795]: Ready ..
You'd need root privileges if you want to listen on a port number less than 1024:
$ sudo ./magan-armv7l
Thu Apr 4 19:35:20 2019 Magan[26823]: Magan/1.2
Thu Apr 4 19:35:20 2019 Magan[26823]: Listening on port: 53
Thu Apr 4 19:35:20 2019 Magan[26823]: Ready ..
Startup can be as simple as adding a line to your /etc/crontab:
*/5 * * * * someuser /usr/local/bin/magan -p 1039 1>/dev/null 2>/dev/null
If you are running as root, then:
*/5 * * * * root /usr/local/bin/magan -p 53 1>/dev/null 2>/dev/null