Dan on Security
Setting up DNSCrypt
https://danonsecurity.com/links/show/50

DNSCrypt is an easy way to add a bit of privacy to your DNS queries, as opposed to using big brother's 8.8.8.8 and 8.8.4.4 public DNS. Setting it up is extremely easy, and installers for most operating systems can be downloaded from the DNSCrypt site, including this one for OS X: DNSCrypt OS X Client

However, if you want to set up DNSCrypt on a small Linux box or router on your LAN, you can use the following easy steps:

apt-get install dnscrypt-proxy dnsmasq
Edit /etc/default/dnscrypt-proxy and define the following constants. DNSCrypt will then listen on our loopback device on port 2053:
DNSCRYPT_PROXY_LOCAL_ADDRESS=127.0.0.2:2053
DNSCRYPT_PROXY_RESOLVER_NAME=cisco
This sets the DNSCrypt resolver to Cisco (formerly OpenDNS), but if you prefer, you can choose a different one from the list in /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv

If you use systemd, you also need to edit /etc/systemd/system/sockets.target.wants/dnscrypt-proxy.socket to add the following:
[Socket]
ListenStream=127.0.0.2:2053
ListenDatagram=127.0.0.2:2053
... and restart DNSCrypt
/etc/init.d/dnscrypt-proxy restart
Next, we can use Dnsmasq to cache queries (or Bind if you already have a DNS resolver installed).

For Dnsmasq, edit /etc/dnsmasq.conf (change eth0 to whichever interface faces your LAN, e.g. wlan0):
server=127.0.0.2#2053
interface=eth0
For Bind, edit /etc/bind/named.conf.options and simply add the forwarder line:
forwarders { 127.0.0.2 port 2053; };
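
A consistency check for the steps above, as an added example that is not part of the original post: it confirms that the address in /etc/default/dnscrypt-proxy, the systemd socket unit and the Dnsmasq server= line all agree, and that Dnsmasq has no other upstream. The no-resolv test is an assumption beyond the post (without that option Dnsmasq also takes upstream servers from /etc/resolv.conf), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks that the three config files from the steps above
# agree, so that Dnsmasq has no upstream other than the DNSCrypt proxy.

# Print the value of the last "KEY=value" line in FILE (empty if absent).
conf_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1
}

# check_chain DEFAULTS_FILE SOCKET_UNIT DNSMASQ_CONF
# Prints one line per finding; returns 0 only if nothing is wrong.
check_chain() {
    rc=0
    addr=$(conf_value DNSCRYPT_PROXY_LOCAL_ADDRESS "$1")
    if [ -z "$addr" ]; then
        echo "FAIL: DNSCRYPT_PROXY_LOCAL_ADDRESS not set in $1"
        return 1
    fi
    # systemd owns the listening socket, so both lines must match the proxy.
    for key in ListenStream ListenDatagram; do
        if ! grep -Fxq "$key=$addr" "$2"; then
            echo "FAIL: $key=$addr not found in $2"
            rc=1
        fi
    done
    # Dnsmasq writes an upstream as ip#port, not ip:port.
    want=$(printf '%s\n' "$addr" | sed 's/:\([0-9][0-9]*\)$/#\1/')
    found=0
    for s in $(sed -n 's/^[[:space:]]*server=//p' "$3"); do
        if [ "$s" = "$want" ]; then
            found=1
        else
            echo "FAIL: extra upstream server=$s in $3 bypasses DNSCrypt"
            rc=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "FAIL: server=$want not found in $3"; rc=1; }
    # Assumption beyond the post: without no-resolv, Dnsmasq also takes
    # upstream servers from /etc/resolv.conf, which are queried in plaintext.
    if ! grep -qx '[[:space:]]*no-resolv[[:space:]]*' "$3"; then
        echo "FAIL: no-resolv missing from $3"
        rc=1
    fi
    return $rc
}

# Run only when the three file paths are given on the command line.
if [ "$#" -eq 3 ]; then check_chain "$@"; fi
```

Pass the three files from the steps above as arguments, in the order defaults file, socket unit, dnsmasq.conf; an exit status of 0 means every check passed.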

Tags: dnscrypt dns privacy