DNSCrypt can be an easy way of adding a bit of privacy to your DNS queries as opposed to using big brother's 8.8.8.8 and 8.8.4.4 public DNS. Setting it up is extremely easy, and installers can be downloaded from the DNSCrypt site for most operating systems, including this one for OS X: DNSCrypt OS X Client
However, if you want to set up DNSCrypt on a small Linux box or router on your LAN, you can use the following easy steps:
apt-get install dnscrypt-proxy dnsmasq
Edit /etc/default/dnscrypt-proxy by defining the following constants; DNSCrypt will be listening on our loopback device on port 2053:
DNSCRYPT_PROXY_LOCAL_ADDRESS=127.0.0.2:2053
DNSCRYPT_PROXY_RESOLVER_NAME=cisco
This sets up the DNSCrypt resolver as Cisco (formerly OpenDNS), but if you prefer, you can choose a different one from here: /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv
If you use systemd, you also need to edit /etc/systemd/system/sockets.target.wants/dnscrypt-proxy.socket to add the following:
[Socket]
ListenStream=127.0.0.2:2053
ListenDatagram=127.0.0.2:2053
... and restart DNSCrypt:
/etc/init.d/dnscrypt-proxy restart
Next, we can use Dnsmasq to cache queries (or Bind if you already have a DNS resolver installed).
For Dnsmasq, edit /etc/dnsmasq.conf (change eth0 to whichever interface faces your LAN, e.g. wlan0):
server=127.0.0.2#2053
interface=eth0
For Bind, edit /etc/bind/named.conf.options and simply add the forwarder line:
forwarders { 127.0.0.2 port 2053; };
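
The three files edited above must agree on one listener address, so the following script cross-checks them; it is an added example, not part of the original page. The function names are made up for this example, and the no-resolv check is an addition the page does not configure: without that dnsmasq option, dnsmasq also forwards to the nameservers in /etc/resolv.conf, which bypasses DNSCrypt.

```shell
#!/bin/sh
# Added example: verify the DNSCrypt -> dnsmasq chain configured above.

# All non-empty values assigned to KEY in FILE, one per line.
conf_values() {  # conf_values KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | sed '/^$/d'
}

# Upstreams dnsmasq forwards to, with dnsmasq's "#port" rewritten as ":port".
dnsmasq_upstreams() {  # dnsmasq_upstreams DNSMASQ_CONF
    conf_values server "$1" | tr '#' ':'
}

# Returns 0 only if every file points at the same DNSCrypt listener and
# dnsmasq has no other upstream it could send plaintext queries to.
check_chain() {  # check_chain DEFAULTS SOCKET_UNIT DNSMASQ_CONF
    rc=0
    want=$(conf_values DNSCRYPT_PROXY_LOCAL_ADDRESS "$1")
    [ -n "$want" ] || { echo "FAIL: no DNSCRYPT_PROXY_LOCAL_ADDRESS in $1"; return 1; }

    # The systemd socket unit must listen exactly where the proxy expects.
    for key in ListenStream ListenDatagram; do
        got=$(conf_values "$key" "$2")
        [ "$got" = "$want" ] || { echo "FAIL: $key is '$got', expected $want"; rc=1; }
    done

    # Any extra server= line (e.g. a public resolver) is a plaintext path.
    ups=$(dnsmasq_upstreams "$3")
    [ "$ups" = "$want" ] || { echo "FAIL: dnsmasq upstreams: $ups"; rc=1; }

    # Assumption of this example: no-resolv should be set (see lead-in).
    grep -Eq '^[[:space:]]*no-resolv[[:space:]]*$' "$3" ||
        { echo "FAIL: no-resolv missing in $3"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: all lookups go through $want"
    return "$rc"
}

# Usage: sh check.sh /etc/default/dnscrypt-proxy \
#   /etc/systemd/system/sockets.target.wants/dnscrypt-proxy.socket /etc/dnsmasq.conf
if [ "$#" -eq 3 ]; then
    check_chain "$@"
fi
```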