DNSCrypt encrypts your DNS traffic automatically and sends it to DNS servers that also use encryption. This way, the entire transaction remains encrypted throughout. Not even your ISP will be able to read your DNS queries to see which sites you're looking up. DNSCrypt is actually one of the easiest services that you can set up on Linux, so there's really no reason not to use it.
In this tutorial you will learn:
- How to install DNSCrypt on Ubuntu and Debian.
- How to configure your DNS server.
- How to set DNSCrypt as your system DNS with NetworkManager and with Resolvconf.
Software Requirements and Conventions Used
| Category | Requirements, Conventions or Software Version Used |
|---|---|
| System | A current version of Debian or Ubuntu |
| Other | A working install of a supported distribution with root privileges. |
| Conventions | # - requires given Linux commands to be executed with root privileges either directly as a root user or by use of |
Begin by installing DNSCrypt. It's already in both Ubuntu's and Debian's repositories, so you'll be able to just install it with apt:
$ sudo apt install dnscrypt-proxy
Configure Your DNS Server
There really isn't much that needs to be done in the way of configuration to get DNSCrypt working. Actually, it's probably already working right after your install. You may want to change the DNS server(s) that DNSCrypt connects to, and that's actually a simple thing to do.
Open /etc/dnscrypt-proxy/dnscrypt-proxy.toml with your favorite text editor and root privileges. Locate the line that begins with server_names. Add any of the names on the supported server list to the array, surrounded by quotes. The end result should look something like the example below. Cloudflare is a great option if you're not sure what to use.
server_names = ['cloudflare']
Save and exit your file. Then, restart the DNSCrypt service.
$ sudo systemctl restart dnscrypt-proxy
Set DNSCrypt As Your System DNS
While DNSCrypt is running on your system, your computer isn't configured to use it for DNS. That's the next step. The method you use will depend on how your network connection is configured. Most people are using NetworkManager, as that's the default, but if you've set up something custom with a static IP, you can use Resolvconf too.
With NetworkManager
Open up the settings application for your desktop environment. Go to the "Network" section, and open up the connection that you're using. In the configuration window that opens up, look for the IPv4 section. That's usually where you'll find the settings you need.
Under that tab, look for the DNS section, and change any existing servers to 127.0.2.1. Save your changes and exit. Now, restart NetworkManager.
$ sudo systemctl restart NetworkManager
With Resolvconf
If you're using Resolvconf or /etc/resolv.conf to specify your name servers, you can still get set up easily. First, if you're just using a plain text /etc/resolv.conf file, you can change your nameserver line to reflect the local DNSCrypt one.
dns-nameservers line for your interface in
dns-nameservers 127.0.2.1
Go ahead and restart both networking and Resolvconf. If that doesn't work, restart your computer.
$ sudo systemctl restart networking
$ sudo systemctl restart resolvconf
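
After either method, it is worth confirming that 127.0.2.1 is the only resolver left in the file, because the system resolver falls through to the next nameserver entry when the first one does not answer, and that fallback would be unencrypted. The script below is an added example, not part of the original tutorial; the function names leaky_nameservers and audit_resolv_conf are illustrative, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit a resolv.conf-style file for resolvers that would
# bypass the local dnscrypt-proxy listener configured in this tutorial.
DNSCRYPT_ADDR="127.0.2.1"

# Print each nameserver address in FILE ($1) that is not the DNSCrypt listener.
leaky_nameservers() {
    awk -v addr="$DNSCRYPT_ADDR" \
        '$1 == "nameserver" && $2 != addr { print $2 }' "$1"
}

# Exit status: 0 = only the DNSCrypt listener is configured,
#              1 = another resolver is also listed (possible plaintext fallback),
#              2 = the DNSCrypt listener is not listed at all.
audit_resolv_conf() {
    file="$1"
    leaks=$(leaky_nameservers "$file")
    if [ -n "$leaks" ]; then
        echo "FAIL: $file also lists: $(echo $leaks)"
        return 1
    fi
    if ! awk -v addr="$DNSCRYPT_ADDR" \
        '$1 == "nameserver" && $2 == addr { found = 1 } END { exit !found }' "$file"
    then
        echo "FAIL: $file does not list $DNSCRYPT_ADDR"
        return 2
    fi
    echo "OK: $file only uses $DNSCRYPT_ADDR"
}

# Constructed sample files (192.0.2.53 is a documentation address).
demo_dir=$(mktemp -d)
printf '# sample\nnameserver 127.0.2.1\n' > "$demo_dir/good.conf"
printf 'nameserver 127.0.2.1\nnameserver 192.0.2.53\n' > "$demo_dir/mixed.conf"
printf 'search example.test\n' > "$demo_dir/none.conf"
for name in good mixed none; do
    audit_resolv_conf "$demo_dir/$name.conf" || true
done
rm -rf "$demo_dir"
```

On a live system, call audit_resolv_conf /etc/resolv.conf once the network services have been restarted.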