DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven't been tampered with.
It is an open specification, with free and open source reference implementations, and it is not affiliated with any company or organization.
REQUIREMENTS
Linux/Windows
The original website is: https://www.dnscrypt.org/
What is DNS Spoofing?
First of all, DNS means Domain Name Service.
DNS spoofing is the process of poisoning entries on a DNS server to redirect a targeted user to a malicious website under attacker control.
The DNS attack typically happens in a public Wi-Fi environment but can occur in any situation where the attacker can poison ARP (Address Resolution Protocol) tables and force targeted user devices into using the attacker-controlled machine as the server for a specific website. It's the first step in a sophisticated phishing attack on public Wi-Fi, and it can also trick users into installing malware on their devices or divulging sensitive information.
How to install DNSCrypt?
This section is about installing DNSCrypt. DNSCrypt is available for Linux, Windows and many more platforms.
Windows
Visit https://simplednscrypt.org/
Choose your installer
Run the installer
Remember, if you don't know which installer you should choose, check this message
Install
If you click "Finish", confirm with "Yes" to start the application.
We will come back to the configuration after the Linux installation.
Linux
Run: sudo apt install dnscrypt-proxy
After the package has been installed, we can continue with the configuration.
How to configure DNSCrypt?
To configure DNSCrypt, you need superuser permissions on Linux and admin privileges on Windows.
Let's begin with Windows:
First of all, we have a few settings on the "Main Menu":
Using IPv4/6 Server
Only servers with DNSSEC support
Only servers without logging
Only servers without filter
First of all, I would keep the settings I use.
We are using only an IPv4 server because IPv6 is not needed.
DNSSEC stands for Domain Name System Security Extensions, which help to secure the internet. The basic benefits of DNSSEC are protecting the internet, decreasing vulnerability to attacks and fostering innovation.
For privacy, we don't want servers that log our traffic.
And finally, we want to access all websites without filtering; that's why I enabled "Only servers without filter".
On the "Resolvers" tab we can see there are about 80 resolvers available. You can choose either the DNSCrypt mode, which is automatic mode, or you can choose resolvers yourself.
To choose a resolver, click on it, for example a-and-a (DoH). After you choose a resolver, its field turns green. You can also disable the "Automatic Mode" after you have chosen at least one resolver.
"Advanced Settings" gives you the opportunity to choose some other settings like DNS Cache, Block IPv6 and Force TCP.
If you click on "manage listen addresses", then you can see the address which DNSCrypt is using. In my case 127.0.0.1 with port 53.
To start DNSCrypt click this until it's green.
Then click on your network card, for example Ethernet, to enable it.
Let's head over to Linux.
Open /etc/dnscrypt-proxy/dnscrypt-proxy.toml with your favorite text editor and root privileges.
Search for the line that begins with "server_names". You can add your resolver to this line.
A supported list of servers can be found here:
DNSCrypt - List of public DoH and DNSCrypt servers (dnscrypt.info): an extensive and constantly updated list of encrypted DNS servers (DoH and DNSCrypt) that are free and publicly accessible.
Just copy the name and write it like:
Code:
server_names = ['adguard-dns']
Let's restart the service:
Code:
sudo systemctl restart dnscrypt-proxy
To set up DNSCrypt as the DNS service, you can use resolvconf.
Code:
sudo subl /etc/resolv.conf
Just paste this value:
Code:
nameserver 127.0.2.1
You can add a # before the other lines to comment them out.
For resolvconf, change or add the dns-nameservers line for your interface in /etc/network/interfaces:
Code:
sudo subl /etc/network/interfaces
dns-nameservers 127.0.2.1
Finally restart the services:
Code:
sudo systemctl restart networking
sudo systemctl restart resolvconf
If you don't understand the setup process, you can check the installation wiki of dnscrypt-proxy:
Installation linux (DNSCrypt/dnscrypt-proxy): dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.
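To confirm that the Linux steps above took effect, this added example (not part of the original guide or of dnscrypt-proxy) reports any active nameserver in a resolv.conf-style file other than the 127.0.2.1 listener and reads the active server_names line from the TOML file. The function names and the sample files are assumptions constructed for the example.

```bash
#!/usr/bin/env bash
# Added example: checks the result of the Linux steps in this guide.
# Assumes the guide's values: listener 127.0.2.1, resolv.conf-style input.
LOCAL_RESOLVER="127.0.2.1"

# Print each active (uncommented) nameserver that is NOT the local
# dnscrypt-proxy listener; every such entry lets queries bypass DNSCrypt.
# Returns 0 only if the local listener is present and nothing else is.
leaking_nameservers() {
    local file="$1" found_local=0 leaks=0 keyword addr rest
    while read -r keyword addr rest || [ -n "$keyword" ]; do
        [ "$keyword" = "nameserver" ] || continue  # skips comments and blanks
        if [ "$addr" = "$LOCAL_RESOLVER" ]; then
            found_local=1
        else
            printf '%s\n' "$addr"
            leaks=1
        fi
    done < "$file"
    [ "$found_local" -eq 1 ] && [ "$leaks" -eq 0 ]
}

# Print the names on the active server_names line of a dnscrypt-proxy.toml,
# one per line. No output means the line is still commented out.
configured_servers() {
    grep -E '^[[:space:]]*server_names[[:space:]]*=' "$1" \
        | head -n 1 | grep -oE "['\"][^'\"]+['\"]" | tr -d "'\""
}

# Demo on constructed sample files (not taken from a real system).
demo() {
    local dir leaks
    dir="$(mktemp -d)"
    printf '%s\n' '# nameserver 192.0.2.53' 'nameserver 127.0.2.1' \
        'nameserver 198.51.100.7' > "$dir/resolv.conf"
    printf '%s\n' "# server_names = ['example-a']" \
        "server_names = ['adguard-dns']" > "$dir/dnscrypt-proxy.toml"
    echo "resolvers: $(configured_servers "$dir/dnscrypt-proxy.toml")"
    if leaks="$(leaking_nameservers "$dir/resolv.conf")"; then
        echo "OK: only $LOCAL_RESOLVER is active"
    else
        echo "LEAK: queries can still reach: $leaks"
    fi
    rm -rf "$dir"
}
demo
```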