How To Encrypt DNS Traffic In Linux Using DNSCrypt
DNSCrypt is a protocol that improves DNS security by authenticating communications between a DNS client and a DNS resolver. It prevents DNS spoofing by using cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with. DNSCrypt is available on multiple platforms, including Windows, macOS, Unix, Android, iOS, Linux and even routers.
Apart from encrypting traffic, DNSCrypt also lets you take control of your DNS traffic. Most DNSCrypt clients allow you to –
- Review the DNS traffic originating from your network in real time, and detect compromised hosts and applications phoning home.
- Locally block ads, trackers, malware, spam, and any website whose domain names or IP addresses match a set of rules you define.
- Prevent queries for local zones from being leaked.
- Reduce latency by caching responses and avoiding requesting IPv6 addresses on IPv4-only networks.
- Force traffic to use TCP, to route it through TCP-only tunnels or Tor.
How To Encrypt DNS Traffic With DNSCrypt In Linux?
Now let us move on to using DNSCrypt to encrypt DNS traffic. dnscrypt-proxy is by far the most popular DNSCrypt implementation and is available for all the platforms already mentioned. Follow the steps below to set it up.
Installing the dependencies
The following packages are necessary for the compilation of DNSCrypt. Enter the following command in a terminal to install them.
$ sudo apt-get install build-essential
Enter the following commands to install dnscrypt-proxy –
$ sudo add-apt-repository ppa:anton+/dnscrypt
$ sudo apt-get update
$ sudo apt-get install dnscrypt-proxy
Configure Network Manager to use DNSCrypt
- Open Network connections from menu
- Select your active connection from the Wired or Wireless tab
- Click on Edit and go to IPv4 settings tab
- Under method, select “Automatic (DHCP) addresses only”
- Set DNS servers to 127.0.0.2
- Save your settings and close
Restart the system network service –
$ sudo systemctl restart NetworkManager.service
Verify your setup is working alright. Visit http://opendns.org/welcome
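A local check to go with the verification step, as an added example that is not part of the original tutorial: it scans a resolv.conf-style file for any resolver other than the 127.0.0.2 listener set above, since a second, DHCP-supplied nameserver can still receive unencrypted queries. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): flag resolvers in a
# resolv.conf-style file that would bypass the local dnscrypt-proxy listener.
# 127.0.0.2 is the listener address used in this guide; the function names
# and the sample file contents below are constructed for illustration.

DNSCRYPT_ADDR="127.0.0.2"

# Print each nameserver in file $1 that is not the dnscrypt-proxy listener.
leaky_nameservers() {
    awk -v want="$DNSCRYPT_ADDR" '
        { sub(/[#;].*/, "") }                       # drop comments
        $1 == "nameserver" && $2 != "" && $2 != want { print $2 }
    ' "$1"
}

# Succeed only if the listener is configured and no other resolver is.
uses_only_dnscrypt() {
    awk -v want="$DNSCRYPT_ADDR" '
        { sub(/[#;].*/, "") }
        $1 == "nameserver" && $2 == want             { good++ }
        $1 == "nameserver" && $2 != "" && $2 != want { bad++ }
        END { exit !(good > 0 && bad == 0) }
    ' "$1"
}

# Demo on two constructed samples: one clean, one where a DHCP-supplied
# resolver sits next to the proxy and can receive plaintext queries.
demo() {
    dir=$(mktemp -d) || return 1
    printf '# constructed sample\nnameserver 127.0.0.2\n' > "$dir/clean"
    printf 'nameserver 127.0.0.2\nnameserver 192.0.2.53 # from DHCP\n' > "$dir/leaky"
    for f in clean leaky; do
        if uses_only_dnscrypt "$dir/$f"; then
            echo "$f: all queries go to $DNSCRYPT_ADDR"
        else
            echo "$f: bypass via: $(leaky_nameservers "$dir/$f" | tr '\n' ' ')"
        fi
    done
    rm -rf "$dir"
}

demo
```

To check a live system, call `uses_only_dnscrypt /etc/resolv.conf` in place of `demo`; this assumes the system resolver reads that file directly rather than going through a local stub.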
Configure dnscrypt to start at computer boot. Open the session and startup manager and add the following to the Application Autostart Menu.
sudo dnscrypt-proxy -R opendns -a 127.0.0.2:53 -u dnscrypt
All your DNS communications are now encrypted from this point forward and all your DNS requests are authenticated using the DNSCrypt protocol.
And that’s all we have for you in setting up DNSCrypt on your Linux. Hope you find this tutorial useful. Share your experiences and thoughts with us in the comments below.