After running into problems installing VayDNS using multi-tunnel scripts, I decided to install and configure VayDNS manually.
This page assumes you have:
To avoid a clash over udp/53, it is best not to run systemd-resolved on the server. (Strictly speaking, the setup below binds vaydns-server to udp/5300 and redirects 53 to it, and the resolved stub only listens on 127.0.0.53, so the two would not collide; disabling it simply keeps the DNS path on the server simple.) If systemd-resolved is running, you can start with systemctl disable --now systemd-resolved and then put nameserver 1.1.1.1 in /etc/resolv.conf. Note that on such systems /etc/resolv.conf is usually a symlink into /run/systemd/resolve/; replace the symlink with a regular file, otherwise the stub address 127.0.0.53 stays in place and name resolution on the server breaks as soon as systemd-resolved stops. However, some VPS providers set up their servers in such a way that /etc/resolv.conf gets overwritten. You will have to investigate how to prevent this, as the procedure varies from provider to provider.
Go into your domain name registrar's configuration panel (or your Cloudflare configuration panel, if you have specified that Cloudflare will handle your DNS records).
Create an A record for your server hostname and an NS record for the subdomain that will be resolved at your server.
| Name | Type | Value |
|---|---|---|
| ns.example.com | A | Your server IP address |
| v.example.com | NS | ns.example.com |
(On Cloudflare, set the A record to DNS only, not proxied. A proxied record points ns.example.com at Cloudflare's edge instead of your server, and DNS queries for the tunnel domain would never reach you.)
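Before going on to the server, it is worth checking the two records from the outside. The following script is an added example, not code from the original page or the VayDNS project: it asks a public resolver (assumed reachable; 1.1.1.1 by default) for the NS record of the tunnel domain and the A record of the name server, and compares both with what you configured. An A record that comes back as something other than your server IP while the NS record is right is the usual sign that Cloudflare proxying is still on. The DIG and RESOLVER variables are assumptions of this script so that the dig binary and the resolver can be swapped out.

```shell
#!/bin/sh
# Added example (not from the original page or the VayDNS project):
# verify that TUNNEL_DOMAIN is delegated to NS_HOST and that NS_HOST
# resolves to SERVER_IP, as seen through a public resolver.
# Usage: sh check-delegation.sh check v.example.com ns.example.com 203.0.113.10

DIG="${DIG:-dig}"                 # assumption: dig is installed (dnsutils/bind-utils)
RESOLVER="${RESOLVER:-1.1.1.1}"   # assumption: a resolver reachable from here

# Query one record type via the resolver and print the answers without
# the trailing dot that dig appends to names.
lookup() {    # lookup TYPE NAME
    "$DIG" +short "$1" "$2" "@$RESOLVER" | sed 's/\.$//'
}

# check_delegation TUNNEL_DOMAIN NS_HOST SERVER_IP
# Returns 0 when both records match, 1 when the NS record is wrong,
# 2 when NS_HOST does not resolve to SERVER_IP.
check_delegation() {
    domain="$1"; ns_host="$2"; server_ip="$3"
    ns_answer=$(lookup NS "$domain")
    a_answer=$(lookup A "$ns_host")

    if ! printf '%s\n' "$ns_answer" | grep -qxF -e "$ns_host"; then
        echo "FAIL: NS for $domain is '${ns_answer:-<empty>}', expected $ns_host"
        return 1
    fi
    if ! printf '%s\n' "$a_answer" | grep -qxF -e "$server_ip"; then
        echo "FAIL: $ns_host resolves to '${a_answer:-<empty>}', expected $server_ip (Cloudflare proxying still enabled?)"
        return 2
    fi
    echo "OK: $domain is delegated to $ns_host ($server_ip)"
    return 0
}

case "${1:-}" in
    check) check_delegation "$2" "$3" "$4" ;;
esac
```

Run it with the check argument and your own names and address; the exit status distinguishes a wrong delegation from a wrong (or proxied) name-server address. New records can take a while to become visible through a public resolver, so a FAIL immediately after editing the zone is not necessarily a configuration error.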
How you open the firewall depends on what firewall you are using (security groups, iptables, ufw, firewall-cmd, etc.). However you built your firewall, you need to open it for inbound udp/5300. (We use udp/5300 so that vaydns-server can run as an unprivileged user without binding a privileged port. The NAT rule below rewrites inbound udp/53 to 5300 before the filter INPUT chain sees the packet, so a host firewall needs no separate rule for 53; a provider security group, which filters before the packet reaches the host, must allow udp/53 instead.)
If you are using iptables, SSH into your server as root, then issue the command:
iptables -I INPUT -p udp --dport 5300 -j ACCEPT
Redirect port udp/53 to udp/5300 (replace eth0 with your public interface, which ip route show default will name):
iptables -t nat -I PREROUTING -i eth0 -p udp --dport 53 -j REDIRECT --to-ports 5300
You also need to persist your firewall rules across reboots. For example, if you have previously installed iptables-persistent on your VPS:
dpkg-reconfigure iptables-persistent
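The three firewall steps above can be put into one idempotent script. This is an added example, not code from the original page or the VayDNS project: it picks the public interface from the default route instead of hard-coding eth0, uses iptables -C so that re-running it never duplicates a rule, verifies both rules afterwards, and saves them with netfilter-persistent if iptables-persistent is installed. It assumes iptables with a nat table and root privileges when run with the apply argument; the IPT and TUNNEL_PORT variables are assumptions of the script so that a test can substitute a fake iptables.

```shell
#!/bin/sh
# Added example (not from the original page or the VayDNS project):
# open udp/5300 and redirect udp/53 to it, idempotently.
# Usage as root: sh vaydns-firewall.sh apply

IPT="${IPT:-iptables}"                 # assumption: overridable for testing
TUNNEL_PORT="${TUNNEL_PORT:-5300}"     # port vaydns-server listens on

# Extract the interface name from "ip route show default" output, e.g.
# "default via 203.0.113.1 dev ens3 proto dhcp ..." -> "ens3".
iface_from_route() {
    awk '$1 == "default" { for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

detect_iface() {
    ip route show default | iface_from_route
}

# Insert a rule only if "iptables -C" (check) reports it is not there yet.
ensure_rule() {    # ensure_rule TABLE CHAIN RULE...
    table="$1"; shift
    if "$IPT" -t "$table" -C "$@" 2>/dev/null; then
        echo "present: -t $table $*"
    else
        "$IPT" -t "$table" -I "$@"
        echo "added:   -t $table $*"
    fi
}

apply_rules() {    # apply_rules IFACE
    # NAT PREROUTING runs before the filter INPUT chain, so a packet that
    # arrived on udp/53 already carries destination port 5300 when INPUT
    # evaluates it: accepting 5300 is enough, 53 needs no rule of its own.
    ensure_rule filter INPUT -p udp --dport "$TUNNEL_PORT" -j ACCEPT
    ensure_rule nat PREROUTING -i "$1" -p udp --dport 53 -j REDIRECT --to-ports "$TUNNEL_PORT"
}

# Exit 0 only when both rules are in place.
verify_rules() {   # verify_rules IFACE
    "$IPT" -t filter -C INPUT -p udp --dport "$TUNNEL_PORT" -j ACCEPT 2>/dev/null &&
    "$IPT" -t nat -C PREROUTING -i "$1" -p udp --dport 53 -j REDIRECT --to-ports "$TUNNEL_PORT" 2>/dev/null
}

case "${1:-}" in
    apply)
        iface=$(detect_iface)
        [ -n "$iface" ] || { echo "no default-route interface found" >&2; exit 1; }
        apply_rules "$iface"
        verify_rules "$iface" || exit 1
        # iptables-persistent ships netfilter-persistent; "save" writes the
        # running rules to /etc/iptables/rules.v4 so they survive a reboot.
        if command -v netfilter-persistent >/dev/null 2>&1; then
            netfilter-persistent save
        fi
        ;;
esac
```

Because every rule goes through iptables -C first, you can run the script after each change to your firewall without accumulating duplicate INPUT or PREROUTING entries, which is the usual failure mode of pasting the two commands repeatedly.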
Update your existing server packages, and install microsocks, the SOCKS5 proxy that vaydns-server will hand decapsulated client traffic to:
apt update && apt upgrade -y
apt install -y microsocks
Create a systemd service file for microsocks:
vi /etc/systemd/system/microsocks.service
Insert contents like this (binding to 127.0.0.1 keeps the proxy off the public interface; only vaydns-server on the same host reaches it, via its -upstream setting):
[Unit]
Description=MicroSocks SOCKS5 Server
After=network.target

[Service]
User=nobody
Group=nogroup
ExecStart=/usr/bin/microsocks -i 127.0.0.1 -p 8000
Restart=always

[Install]
WantedBy=multi-user.target
Save the file.
Start the microsocks service:
systemctl daemon-reload
systemctl enable microsocks
systemctl start microsocks
Download the server binary from GitHub. For example, if the most recent release is v0.2.8:
wget https://github.com/net2share/vaydns/releases/download/v0.2.8/vaydns-server-linux-amd64
Copy the binary into a directory in your execution path and make it executable:
cp vaydns-server-linux-amd64 /usr/local/bin/vaydns-server
chmod +x /usr/local/bin/vaydns-server
Create a dedicated unprivileged user to run the server (the password you are asked for is only for local login; the tunnel itself never uses it):
adduser vaydns
The resulting dialog will look like this:
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for vaydns
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
Create a directory to hold the keys:
mkdir /etc/vaydns
Generate the server's public-private key pair:
vaydns-server -gen-key -privkey-file /etc/vaydns/server.key -pubkey-file /etc/vaydns/server.pub
Result:
privkey written to /etc/vaydns/server.key
pubkey written to /etc/vaydns/server.pub
Change owner and group to the vaydns user (and confirm with ls -l that server.key is not readable by other users):
chown vaydns /etc/vaydns/server.*
chgrp vaydns /etc/vaydns/server.*
Create a systemd service file for vaydns-server:
vi /etc/systemd/system/vaydns.service
Use the following as a model, replacing v.example.com with your own tunnel domain. Valid values for -record-type are txt, null, cname, a, aaaa, mx, ns, srv, or caa; the client must be started with the same type.
[Unit]
Description=VayDNS userspace DNS tunnel
Documentation=https://github.com/net2share/vaydns
After=network.target

[Service]
User=vaydns
Group=vaydns
ExecStart=/usr/local/bin/vaydns-server -udp :5300 -privkey-file /etc/vaydns/server.key -domain v.example.com -record-type null -upstream 127.0.0.1:8000
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target
Save the file.
Start the vaydns service:
systemctl daemon-reload
systemctl enable vaydns
systemctl start vaydns
Check that the status is active (running):
systemctl status vaydns
You will see messages like this:
serving domain: v.example.com
transport config: queue-size=512 kcp-window-size=256 queue-overflow=drop
wire config: clientid-size=2 compat=false
pubkey 5cd4...
effective MTU 936
If you need to check the logs at any time in the future, you can do:
journalctl -u vaydns
Display the public key, as you will need it on the client:
cat /etc/vaydns/server.pub
The result is a string of 64 hexadecimal characters. Make a note of it. You will need this string on your client. Since it is a public key, it does not need to be kept secret.
Your work on the server is done for now, so exit your SSH session:
exit
Download the latest desktop client from https://github.com/net2share/vaydns/releases.
For example, for a Windows PC you would download vaydns-client-windows-amd64.exe.
Open PowerShell and run the Windows executable. In the example command that follows, make these replacements:
- 8.8.8.8:53 to a resolver reachable from your client (the local network's resolver or a public one)
- v.example.com to your own domain
- 5cd4... to your actual public key
- null to the record type you are using
./vaydns-client-windows-amd64.exe -udp 8.8.8.8:53 -domain v.example.com -pubkey 5cd4... -record-type null -listen 127.0.0.1:7000
Leave the window open with the client running in it.
Open another PowerShell window and issue a test request through the proxy. The socks5h:// scheme makes curl resolve the hostname through the SOCKS proxy as well, so no DNS query for wtfismyip.com leaves the client directly:
curl.exe --proxy socks5h://127.0.0.1:7000/ https://wtfismyip.com/text
You should see your server IP address displayed.
Now either configure the Windows system proxy to use the SOCKS5 proxy server on 127.0.0.1:7000, or configure an individual browser to do so. The most convenient browser to use here is Firefox, which has its own proxy settings; there, also tick "Proxy DNS when using SOCKS v5" so that name lookups go through the tunnel, as they did with curl's socks5h://.
When you are done testing, go to the window with the client running in it, and do Ctrl+c.
If you experience any issues, report them on https://github.com/net2share/vaydns/issues.