DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with.
apt-get install libsodium-dev
Download the latest version of DNSCrypt.
Edit /etc/resolv.conf so that its name servers only contain
nameserver 127.0.0.1. All queries going to localhost will be forwarded through DNSCrypt.
Find a provider you’d like to use from this list: https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv.
Create a systemd service file. Change the --resolver-name option to the name of the provider you have chosen. It’s best if you choose one near you so the response time is still good.
[Unit]
Description=dnscrypt daemon
After=network.target

[Service]
# Replace "cisco" with the name of the provider you picked from the list
ExecStart=/usr/local/sbin/dnscrypt-proxy --resolver-name=cisco
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID

[Install]
WantedBy=multi-user.target
Enable and start it.
systemctl enable dnscrypt.service
systemctl start dnscrypt.service
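A check to run once the setup above is in place, added here as an example and not part of the original page: it audits a resolv.conf-style file for any name server other than 127.0.0.1, because the system resolver falls back to a second entry when the first one times out and those queries then leave the machine without DNSCrypt. The function name, exit codes and sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a resolv.conf-style file for resolvers that would
# bypass the local DNSCrypt proxy. Function name and sample data are
# constructed for illustration.

# Prints each configured nameserver that is not 127.0.0.1.
# Exit status: 0 = only 127.0.0.1, 1 = other resolver(s) present,
#              2 = file unreadable, 3 = no 127.0.0.1 entry at all.
check_resolv_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        { sub(/[#;].*/, "") }               # drop comments
        $1 == "nameserver" && NF >= 2 {
            if ($2 == "127.0.0.1") lo++
            else { print $2; bad++ }
        }
        END {
            if (bad) exit 1
            if (!lo) exit 3
        }
    ' "$1"
}

# Constructed sample: DHCP has appended a second resolver (TEST-NET address).
sample=$(mktemp)
printf 'nameserver 127.0.0.1\nnameserver 192.0.2.53 # added by DHCP\n' > "$sample"
check_resolv_conf "$sample" || echo "resolv.conf check failed with status $?"
rm -f "$sample"
```

Point it at /etc/resolv.conf after boot or after a DHCP lease renewal, since network managers often rewrite that file.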