Dan on Security
Setting up DNSCrypt

DNSCrypt is an easy way to add a bit of privacy to your DNS queries, compared with using big brother's or a public DNS service. Setting it up is extremely easy, and installers for most operating systems can be downloaded from the DNSCrypt site, including this one for OS X: DNSCrypt OS X Client

However, if you want to set up DNSCrypt on a small Linux box or router on your LAN, you can use the following easy steps:

apt-get install dnscrypt-proxy dnsmasq
Edit /etc/default/dnscrypt-proxy and define the following constants, so that DNSCrypt listens on our loopback device on port 2053:
This sets the DNSCrypt resolver to Cisco (formerly OpenDNS), but if you prefer, you can choose a different one from here: /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv

If you use systemd, you also need to edit /etc/systemd/system/sockets.target.wants/dnscrypt-proxy.socket to add the following:
ListenStream=
ListenDatagram=
... and restart DNSCrypt
/etc/init.d/dnscrypt-proxy restart
Next, we can use Dnsmasq to cache queries (or Bind if you already have a DNS resolver installed).

For Dnsmasq, edit /etc/dnsmasq.conf (change eth0 to whichever interface faces your LAN, e.g. wlan0):
server=
interface=eth0
For Bind, edit /etc/bind/named.conf.options and simply add the forwarder line:
forwarders { port 2053; };
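
A check for the Dnsmasq step above, as an added example that is not part of the original post: it audits a dnsmasq config so that the DNSCrypt listener is the only upstream. It assumes the listener is 127.0.0.1 port 2053 (written `127.0.0.1#2053` in dnsmasq syntax) and flags a missing `no-resolv`, a dnsmasq option the post does not mention; without it dnsmasq also forwards to the nameservers in /etc/resolv.conf. The function name and sample files are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# ASSUMPTION: dnscrypt-proxy listens on 127.0.0.1 port 2053 (dnsmasq syntax: ip#port).
DNSCRYPT_UPSTREAM="${DNSCRYPT_UPSTREAM:-127.0.0.1#2053}"

# audit_dnsmasq_conf FILE (hypothetical helper)
# Prints one line per finding; returns 0 only if DNSCrypt is the sole upstream.
audit_dnsmasq_conf() {
    conf=$1
    findings=0
    # Keep active settings only: drop comment lines, trim surrounding whitespace.
    active=$(grep -v '^[[:space:]]*#' "$conf" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')

    servers=$(printf '%s\n' "$active" | sed -n 's/^server=//p')
    if [ -z "$servers" ]; then
        echo "FINDING: no server= line, nothing is forwarded to DNSCrypt"
        findings=$((findings + 1))
    fi
    for s in $servers; do
        if [ "$s" != "$DNSCRYPT_UPSTREAM" ]; then
            echo "FINDING: upstream '$s' bypasses DNSCrypt"
            findings=$((findings + 1))
        fi
    done
    # Without no-resolv, dnsmasq also uses the nameservers in /etc/resolv.conf.
    if ! printf '%s\n' "$active" | grep -qx 'no-resolv'; then
        echo "FINDING: no-resolv missing, resolv.conf nameservers are still used"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample configs (not taken from any real system).
make_samples() {
    SAMPLE_DIR=$(mktemp -d)
    printf 'server=127.0.0.1#2053\ninterface=eth0\n' > "$SAMPLE_DIR/leaky.conf"
    printf '# cache for dnscrypt\nno-resolv\nserver=127.0.0.1#2053\ninterface=eth0\n' > "$SAMPLE_DIR/tight.conf"
    printf 'no-resolv\nserver=127.0.0.1#2053\nserver=8.8.8.8\n' > "$SAMPLE_DIR/mixed.conf"
}

make_samples
for f in leaky tight mixed; do
    echo "== $f.conf"
    if audit_dnsmasq_conf "$SAMPLE_DIR/$f.conf"; then
        echo "OK: all queries go to $DNSCRYPT_UPSTREAM"
    fi
done
```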

Tags: dnscrypt dns privacy