DNSCrypt is a protocol that improves DNS security by authenticating communications between a DNS client and a DNS resolver. DNSCrypt prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with. DNSCrypt is available for multiple platforms, including Windows, macOS, Unix, Android, iOS, Linux and even routers.
DNSCrypt also allows you to:
- Review the DNS traffic originating from your network in real time, and detect compromised hosts and applications phoning home
- Locally block ads, trackers, malware, spam, and any website whose domain names or IP addresses match a set of rules you define.
- Prevent queries for local zones from being leaked.
- Reduce latency by caching responses and avoiding requesting IPv6 addresses on IPv4-only networks.
- Force traffic to use TCP, to route it through TCP-only tunnels or Tor.
How To Encrypt DNS Traffic With DNSCrypt In Linux?
Now let us move on to using DNSCrypt to encrypt DNS traffic.
dnscrypt-proxy is by far the most popular DNSCrypt implementation and is available for all the platforms already mentioned. Follow the steps below to set it up.
Installing the dependencies
The following packages are necessary for the compilation of DNSCrypt. Enter the following commands in a terminal to install them.
$ sudo apt-get install build-essential
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:anton+/dnscrypt
$ sudo apt-get update
$ sudo apt-get install dnscrypt-proxy
Configure Network Manager to use DNSCrypt
- Open Network Connections from the menu
- Select your active connection from the Wired or Wireless tab
- Click on Edit and go to IPv4 settings tab
- Under method, select “Automatic (DHCP) addresses only”
- Set DNS servers to 127.0.0.2
- Save your settings and close
Restart the system network service.
$ sudo systemctl restart NetworkManager.service
Verify that your setup is working.
$ sudo dnscrypt-proxy -R opendns -a 127.0.0.2:53 -u dnscrypt
From this point forward, all your DNS communications are encrypted and all your DNS requests are authenticated using the DNSCrypt protocol.
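The Network Manager step only helps if no other resolver remains configured, so the following added example (not part of the original tutorial) audits a resolv.conf-style file for nameserver entries other than 127.0.0.2. The function names, the PROXY_ADDR variable and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find nameserver entries that bypass the local dnscrypt-proxy
# listener. 127.0.0.2 is the address configured in the steps above.
PROXY_ADDR="${PROXY_ADDR:-127.0.0.2}"

# Print every nameserver in file $1 that is NOT the proxy address.
# Comments (# or ;) and leading whitespace are ignored.
stray_nameservers() {
    awk -v proxy="$PROXY_ADDR" '
        { sub(/[#;].*/, "") }   # drop comments, whole-line or trailing
        $1 == "nameserver" && $2 != "" && $2 != proxy { print $2 }
    ' "$1"
}

# Exit status 0 only when file $1 lists the proxy and nothing else.
# 1 = stray or missing nameserver entries, 2 = file not readable.
uses_only_proxy() {
    file="$1"
    [ -r "$file" ] || return 2
    listed=$(awk '{ sub(/[#;].*/, "") }
                  $1 == "nameserver" { n++ }
                  END { print n + 0 }' "$file")
    # With no nameserver line the system default applies, not 127.0.0.2.
    [ "$listed" -gt 0 ] || return 1
    [ -z "$(stray_nameservers "$file")" ]
}

# Constructed sample (not taken from a real host): a DHCP-supplied resolver
# is still listed next to the proxy address.
sample=$(mktemp)
printf '%s\n' \
    '# constructed sample' \
    'nameserver 127.0.0.2' \
    'nameserver 192.0.2.53 ; left over from DHCP' \
    'search example.test' > "$sample"
echo "stray resolvers in sample: $(stray_nameservers "$sample")"
rm -f "$sample"
```

Point stray_nameservers at /etc/resolv.conf on the configured machine; any address it prints is a resolver that can receive queries outside the DNSCrypt proxy.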
And that’s all we have for you on setting up DNSCrypt on your Linux system. We hope you find this tutorial useful. Share your experiences and thoughts with us in the comments below.