Debian 8 - DNSCrypt
Dec 8, 2016
DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with.
- Install libsodium: `apt-get install libsodium-dev`
- Download the latest version of DNSCrypt.
- Extract.
- `./configure`
- `make`
- `make install`
- Edit your `/etc/resolv.conf` name servers to only contain `nameserver 127.0.0.1`. All queries going to localhost will be forwarded through DNSCrypt.
- Find a provider you’d like to use from this list: https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv.
- Create a systemd service file. Change the `--resolver-name` option to the name of the provider you have chosen. It’s best if you choose one near you so the response time is still good.

`/etc/systemd/system/dnscrypt.service`

```
[Unit]
Description=dnscrypt daemon
After=network.target

[Service]
ExecStart=/usr/local/sbin/dnscrypt-proxy --resolver-name=cisco
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s TERM $MAINPID

[Install]
WantedBy=multi-user.target
```

- Enable and start it.
  - `systemctl enable dnscrypt.service`
  - `systemctl start dnscrypt.service`

```
● dnscrypt.service - dnscrypt daemon
   Loaded: loaded (/etc/systemd/system/dnscrypt.service; disabled)
   Active: active (running) since Fri 2016-12-09 02:51:55 UTC; 2s ago
  Process: 23833 ExecStop=/bin/kill -s TERM $MAINPID (code=exited, status=0/SUCCESS)
 Main PID: 23836 (dnscrypt-proxy)
   CGroup: /system.slice/dnscrypt.service
           └─23836 /usr/local/sbin/dnscrypt-proxy --resolver-name=cs-ussouth

Dec 09 02:51:55 dnscrypt-proxy[23836]: [INFO] - [cs-ussouth] does not support DNS Security Extensions
Dec 09 02:51:55 dnscrypt-proxy[23836]: [INFO] + Provider supposedly doesn't keep logs
Dec 09 02:51:55 dnscrypt-proxy[23836]: [NOTICE] Starting dnscrypt-proxy 1.7.0
Dec 09 02:51:55 dnscrypt-proxy[23836]: [INFO] Generating a new session key pair
Dec 09 02:51:55 dnscrypt-proxy[23836]: [INFO] Done
Dec 09 02:51:55 dnscrypt-proxy[23836]: [INFO] Server certificate with serial '0001' received
Dec 09 02:51:55 dnscrypt-proxy[23836]: [INFO] This certificate is valid
Dec 09 02:51:55 dnscrypt-proxy[23836]: [INFO] Chosen certificate #808464433 is valid from [2016-11-03] to [2026-11-01]
Dec 09 02:51:55 dnscrypt-proxy[23836]: [INFO] Server key fingerprint is BAB8:591D:F2F8:10AA:362E:6CF9:AB91:3573:1EA9:AD44:20D5:6A3F:492E:5083:C435:5236
Dec 09 02:51:55 dnscrypt-proxy[23836]: [NOTICE] Proxying from 127.0.0.1:53 to 70.32.38.67:443
```

```
udp 0 0 127.0.0.1:53 0.0.0.0:* 23836/dnscrypt-prox
```
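
A way to check the result of the steps above, as an added example that is not part of the original post: `leaking_nameservers` lists any resolver in a resolv.conf-style file other than 127.0.0.1, and `proxy_route` reads dnscrypt-proxy log lines and reports the listen and upstream addresses only if a valid certificate was logged. The function names and the sample resolv.conf are constructed for illustration; the sample log lines follow the format of the status output above.

```shell
#!/bin/sh
# Added example: post-install checks for the DNSCrypt setup on this page.

# Print each nameserver in a resolv.conf-style file that is not 127.0.0.1.
# No output means every lookup is handed to the local proxy.
leaking_nameservers() {
    awk '$1 == "nameserver" && $2 != "127.0.0.1" { print $2 }' "$1"
}

# Read dnscrypt-proxy log lines on stdin. Print "<listen> <upstream>" and
# return 0 only if the log reports both a valid certificate and a route.
proxy_route() {
    awk '
        /This certificate is valid/ { cert_ok = 1 }
        /Proxying from/ {
            for (i = 1; i <= NF; i++)
                if ($i == "from") { listen = $(i + 1); upstream = $(i + 3) }
        }
        END {
            if (cert_ok && listen != "") { print listen, upstream; exit 0 }
            exit 1
        }'
}

# Constructed sample: a resolv.conf where a second, non-local resolver
# has crept in next to the local proxy.
sample_resolv() {
    printf '%s\n' '# constructed sample' 'nameserver 127.0.0.1' \
        'nameserver 192.0.2.53' 'search example.test'
}

# Constructed sample: two log lines in the format of the status output.
sample_log() {
    printf '%s\n' \
        'Dec 09 02:51:55 dnscrypt-proxy[23836]: [INFO] This certificate is valid' \
        'Dec 09 02:51:55 dnscrypt-proxy[23836]: [NOTICE] Proxying from 127.0.0.1:53 to 70.32.38.67:443'
}

# Live use (assumes the unit name dnscrypt.service from this page):
#   leaking_nameservers /etc/resolv.conf
#   journalctl -u dnscrypt.service -b --no-pager | proxy_route
```

Any address printed by `leaking_nameservers` is a resolver that can still receive plain, unauthenticated queries alongside the proxy.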