
How to set up DNSCrypt on Linux

Wed Apr 10 2019 linux privacy hack

What is DNSCrypt?

DNSCrypt encrypts your DNS queries. It works like HTTPS for your DNS traffic, so middlemen such as your ISP can't record your DNS history and sell your data to advertising companies, and your country can't use it to spy on you. It's a useful privacy tool that doesn't affect your bandwidth. Several implementations exist; dnscrypt-proxy is written in Go, supports modern encrypted DNS protocols including DNS-over-HTTPS, offers DNS caching, and has pre-built binaries for every OS.

Installation

Dependencies first (Debian):

apt-get install -y wget

Head to https://github.com/jedisct1/dnscrypt-proxy/releases and find the right version of the pre-compiled binary. Copy the URL, download and extract the archive, and move the extracted directory to /opt/.

For 64-bit Linux, run the following lines:

wget https://github.com/jedisct1/dnscrypt-proxy/releases/\
download/2.0.20/dnscrypt-proxy-linux_x86_64-2.0.20.tar.gz
tar xf dnscrypt-proxy-linux_x86_64-2.0.20.tar.gz
mv linux-x86_64 /opt/dnscrypt

Configure

First, remove any local DNS service (if one exists) and delete /etc/resolvconf (not the resolv.conf file). Then back up resolv.conf, remove it, and create a new file with the following contents:

nameserver 127.0.0.1
options edns0 single-request-reopen

Now create the default configuration using the pre-configured snippets and install DNSCrypt as a systemd service:

cd /opt/dnscrypt
cp ./example-dnscrypt-proxy.toml dnscrypt-proxy.toml
./dnscrypt-proxy -service install 
systemctl enable dnscrypt-proxy
systemctl start dnscrypt-proxy

Debug

Problem: listen udp [::1]:53: bind: cannot assign requested address

Solution: Remove IPv6 support by deleting '[::1]:53' from the configuration file (dnscrypt-proxy.toml), then restart the service.

Verify if it works

Head to https://ipleak.net/ and follow the instructions there to check whether your DNS queries still leak to your ISP.
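A local check to run alongside the online test, as an added example that is not part of the original post: it audits a resolv.conf for any nameserver other than the loopback addresses used in this guide (127.0.0.1 and ::1), since queries sent to any other resolver never reach dnscrypt-proxy. The function name audit_resolv_conf is made up for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): find resolv.conf entries that
# would send DNS queries around dnscrypt-proxy.
# Assumption: dnscrypt-proxy listens on 127.0.0.1:53 and optionally [::1]:53,
# as configured in this guide.

# audit_resolv_conf [FILE]
# Prints one finding per line. Returns 0 only when every nameserver is the
# local proxy, 1 when something needs attention, 2 when FILE is unreadable.
audit_resolv_conf() {
    local file="${1:-/etc/resolv.conf}"
    local status=0 count=0 keyword addr rest

    if [ ! -r "$file" ]; then
        echo "ERROR: cannot read $file"
        return 2
    fi
    # A symlink usually means another service (resolvconf, systemd-resolved,
    # NetworkManager) manages the file and can overwrite the loopback entry.
    if [ -L "$file" ]; then
        echo "WARN: $file is a symlink to $(readlink "$file")"
        status=1
    fi
    # Comment lines and "options" lines are skipped; only nameserver counts.
    while read -r keyword addr rest || [ -n "$keyword" ]; do
        [ "$keyword" = "nameserver" ] || continue
        count=$((count + 1))
        case "$addr" in
            127.0.0.1|::1)
                echo "OK: $addr" ;;
            *)  # Includes 127.0.0.53, the systemd-resolved stub, which is
                # loopback but is not dnscrypt-proxy.
                echo "LEAK: $addr is not the local dnscrypt-proxy listener"
                status=1 ;;
        esac
    done < "$file"
    if [ "$count" -eq 0 ]; then
        echo "WARN: no nameserver line, expected 'nameserver 127.0.0.1'"
        status=1
    fi
    return "$status"
}
```

After sourcing the file, run audit_resolv_conf /etc/resolv.conf; a LEAK line appearing after a reboot or network change means something rewrote the file.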

Sources

https://dnscrypt.info/protocol/
