why should I choose dnscrypt-proxy, you might ask? well, dnscrypt-proxy is:
- simple. install it and leave it. well...sort of
- feature rich. of course, it supports the dnscrypt protocol, but it also supports the DNS over HTTPS (DoH) and DNS over TLS (DoT) protocols. it also has more features and offers tons of customization
- our repo has it.
please don't get confused by its name. in this case we only use dnscrypt as a client. which protocol is used depends on the DNS server. now, let's get started :3
1. Installing dnscrypt-proxy
simply do:
```
sudo apt-get install dnscrypt-proxy
```
2. configure dhcp
by default your dns queries will be sent through localhost (127.0.0.1). in debian, dnscrypt-proxy is using 127.0.2.1, so we'll have to manually adjust our system. there are two ways to do it.
a. using network manager setting
- right click on network manager icon (wifi/network picture). click edit connection.
- choose the connection. click customize (gear picture in the bottom left)
- click ipv4 setting. choose "automatic (dhcp) addresses only". insert 127.0.2.1 in your dns address setting
this method is easy. though, you need to edit all your connections in order to use dnscrypt-proxy. my preferred way is....
b. using dhcp setting
- open /etc/dhcp/dhclient.conf
- search for this line
```
prepend domain-name-servers
```
- change it to
```
prepend domain-name-servers 127.0.2.1, 1.1.1.1;
```
the second address is a backup address, which is cloudflare's dns. with this method, every time you connect to the internet you'll use these addresses. keep in mind that any query that falls back to 1.1.1.1 is sent as plain, unencrypted dns, because it does not go through dnscrypt-proxy. the last method is to manually edit /etc/resolv.conf
```
nameserver 127.0.2.1
nameserver 1.1.1.1
```
3. test the connection
at this point your system is protected with dns encryption. you can check your connection with the "dig" command. you'll have to install dnsutils to get this command. for example, this command
```
dig solydxk.com
```
gives output like this
```
dig solydxk.com
; <<>> DiG 9.11.5-P4-5.1-Debian <<>> solydxk.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59085
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
; PAD: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ("....................................................................")
;; QUESTION SECTION:
;solydxk.com. IN A
;; ANSWER SECTION:
solydxk.com. 1778 IN A 81.169.195.233
;; Query time: 0 msec
;; SERVER: 127.0.2.1#53(127.0.2.1)
;; WHEN: Fri Jul 05 14:10:07 WIB 2019
;; MSG SIZE rcvd: 128
```
the line to look at is the SERVER line, which should show the dnscrypt-proxy address
```
;; SERVER: 127.0.2.1#53(127.0.2.1)
```
1. the default resolver would be cloudflare's dns. I think I should mention it since some of you might hate corporates like cloudflare. of course, you can change the resolver to google's or another server. you can check the available servers here https://download.dnscrypt.info/resolver ... solvers.md
2. firefox is using its own resolver. you should disable it by changing this value
```
trr = 1
```
references:
https://wiki.archlinux.org/index.php/Dnscrypt-proxy
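
An added example (not part of the original post): a small shell check for steps 2 and 3 above, listing any nameserver that bypasses dnscrypt-proxy and confirming which resolver answered a dig query. It assumes dnscrypt-proxy listens on 127.0.2.1 as this guide describes; the function names are made up for the illustration and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: dnscrypt-proxy listens on 127.0.2.1, as this guide describes.
PROXY_ADDR="127.0.2.1"

# Read resolv.conf-style text on stdin and print every nameserver that is
# NOT the local proxy. Queries to those addresses go out as plain DNS.
plaintext_nameservers() {
    awk -v proxy="$PROXY_ADDR" '$1 == "nameserver" && $2 != proxy { print $2 }'
}

# Read dig output on stdin and print the address from the ";; SERVER:" line,
# i.e. the resolver that actually answered the query.
answering_server() {
    sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p'
}

# Succeed only if the dig output on stdin was answered by the local proxy.
answered_by_proxy() {
    [ "$(answering_server)" = "$PROXY_ADDR" ]
}

# Constructed sample: the resolv.conf written in step 2.
leaks=$(printf 'nameserver 127.0.2.1\nnameserver 1.1.1.1\n' | plaintext_nameservers)
echo "nameservers that bypass dnscrypt-proxy: ${leaks:-none}"

# Constructed sample: the SERVER line from the dig output in step 3.
if printf ';; SERVER: 127.0.2.1#53(127.0.2.1)\n' | answered_by_proxy; then
    echo "answer came from dnscrypt-proxy"
else
    echo "answer did NOT come from dnscrypt-proxy"
fi

# On a real system:
#   plaintext_nameservers < /etc/resolv.conf
#   dig solydxk.com | answered_by_proxy && echo ok
```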