DNSCrypt can be an easy way of adding a bit of privacy to your DNS queries as opposed to using big brother's 8.8.8.8 and 8.8.4.4 public DNS. Setting it up is extremely easy, and installers can be downloaded from the DNSCrypt site for most OS, including this one for OS X: DNSCrypt OS X Client

However, if you want to set up DNSCrypt on a small Linux box or router on your LAN, you can use the following easy steps:

apt-get install dnscrypt-proxy dnsmasq

Edit /etc/default/dnscrypt-proxy by defining the following constants, DNSCrypt will be listening on our loopback device on port 2053:

DNSCRYPT_PROXY_LOCAL_ADDRESS=127.0.0.2:2053
DNSCRYPT_PROXY_RESOLVER_NAME=cisco

This sets up the DNSCrypt resolver as Cisco (former OpenDNS), but if you prefer, you can choose a different one from here: /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv

If you use systemd, you also need to edit /etc/systemd/system/sockets.target.wants/dnscrypt-proxy.socket to add the following:

[Socket]
Listen Stream?=127.0.0.2:2053
Listen Datagram?=127.0.0.2:2053

... and restart DNSCrypt

/etc/init.d/dnscrypt-proxy restart

Next, we can use Dnsmasq to cache queries (or Bind if you already have a DNS resolver installed).

For Dnsmasq, edit /etc/dnsmasq.conf (change eth0 to whichever interface faces your LAN, e.g. wlan0):

server=127.0.0.2#2053 interface=eth0

For Bind, edit /etc/bind/named.conf.options and simply add the forwarder line:

forwarders { 127.0.0.2 port 2053; };

submitted by daniel over 5 years ago, voted 24 times

Open | 0 comments