Installing DNSCrypt on Ubuntu-based Linux
What is DNSCrypt?
Even though data is already encrypted using HTTPS and VPN, there is still some open data that can be seen by the ISP, such as the domain or address being accessed.
For example, when you want to visit the site nuxbie.com, your computer will request the IP location list for the domain nuxbie.com from the DNS server. Only then can your computer access nuxbie.com.
Now, DNS servers are usually owned by ISPs which generally inject their DNS servers into users to maximize their service. However, there can be issues, such as the ISP’s DNS server being overloaded or problematic. Or, there could be important sites that users want to access but are filtered by the ISP. To avoid this, users usually change their DNS.
But if users are forced to use the ISP’s DNS, changing to another DNS won’t help because internet traffic will still be filtered through the ISP’s DNS.
That’s where DNSCrypt comes in. DNSCrypt will encrypt DNS traffic from the user to the DNS server. This way, third parties or ISPs will not know the contents of the traffic data, and it will not be filtered or known where the traffic is going. The illustration is as follows:
Illustration without and with DNSCrypt
How to Install DNSCrypt
DNSCrypt is available in the Ubuntu repository. Just run the command below to install it.
sudo apt install dnscrypt-proxyDNSCrypt Configuration
After installing DNSCrypt, it doesn’t require much configuration. The main setting is to change the DNS server.
To change the DNS server, please type…
sudo nano /etc/dnscrypt-proxy/dnscrypt-proxy.tomlThen look for server_names. Now you will see
server_names = ['namaserver']Now the nameserver can be replaced with the server name from the complete list of DNS servers supported by DNScrypt -> DNSCrypt server list.
For example, if you want to use the Cloudflare DNS server, then the writing is
server_names = ['cloudflare']Then press <Ctrl+o> then <enter> to save the file and <Ctrl+x> to exit the nano editor.
Don’t forget to restart the PC or restart dnscrypt by typing
sudo systemctl restart dnscrypt-proxyChange Network DNS Using DNSCrypt
To ensure the connection or network uses DNSCrypt, modify which networks will use DNSCrypt.
1. Network settings or configuration
Open network settings. Select settings for the network that will use DNSCrypt (the interface or settings view may vary depending on the distro).
2. Change DNS
Change the Method to Automatic DHCP address only, not Automatic DHCP. If you choose Automatic DHCP, the DNS will automatically use the network’s DNS. However, if you choose Automatic DHCP address only, you can set the DNS manually.
Then, enter the DNS server 127.0.2.1 to use DNSCrypt. Click Save and reconnect the network. Or type…
sudo systemctl restart NetworkManagerCheck if DNSCrypt is working?
To see if DNSCrypt is working, you can check using dnsleak. Or access blocked sites. Or you can check through nslookup by typing
nslookup <namasitus>
Conclusion
DNSCrypt is very helpful if you want to use a fast DNS resolver or alternative DNS, avoid ISP blocking, filter ads, and more with the help of available DNS servers.
Although there are other applications similar to DNSCrypt, DNSCrypt is quite popular and easy to use. Additionally, it has a fairly large list of DNS servers, allowing you to choose a DNS server that suits your preferences.
Source:
https://linuxconfig.org/how-to-encrypt-your-dns-with-dnscrypt-on-ubuntu-and-debian
