DNSCrypt

Lord777

Professional
Messages
2,578
Reaction score
1,520
Points
113
DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven't been tampered with.

It is an open specification, with free and open source reference implementations, and it is not affiliated with any company nor organization.

⚙️ REQUIREMENTS
▪️Linux/Windows

The original website is : https://www.dnscrypt.org/

What is DNS Spoofing?
First of all DNS means Domain Name Service

DNS spoofing is the process of poisoning entries on a DNS server to redirect a targeted user to a malicious website under attacker control.

The DNS attack typically happens in a public Wi-Fi environment but can occur in any situation where the attacker can poison ARP (Address Resolution Protocol) tables and force targeted user devices into using the attacker-controlled machine as the server for a specific website. It’s the first step in a sophisticated phishing attack on public Wi-Fi, and it can also trick users into installing malware on their devices or divulge sensitive information.

How to install DNSCrypt?
This section is about installing DNSCrypt. DNSCrypt is available for Linux Windows and many more platforms.

? Windows
1️⃣ Visit https://simplednscrypt.org/
2️⃣ Choose your installer
3️⃣ Run the installer

Remember, if you don't know which installer you should choose check this message
photo_2021-09-11_20-42-57.jpg

photo_2021-09-11_20-43-12.jpg

photo_2021-09-11_20-43-25.jpg

photo_2021-09-11_20-43-40.jpg

Install

photo_2021-09-11_20-45-23.jpg

If you click "Finish" confirm with yes to start the application.

photo_2021-09-11_20-46-14.jpg

We will come back to the configuration after the Linux installation.

? Linux

1️⃣ Run: sudo apt install dnscrypt-proxy

After the package has been installed, we can continue with the configuration.

How to configure DNScrypt?
To configure DNSCrypt you need super user permissions in Linux and admin privileges in Windows.

Let's begin with Windows:
photo_2021-09-11_20-55-13.jpg


First of all we have few settings on the "Main Menu":
▪️Using IPv4/6 Server
▪️Only servers with DNSSEC support
▪️Only servers without logging
▪️Only servers without filter

First of all, i would keep the settings i use.

We are using only a IPv4 Server because IPv6 is not needed.

DNSSEC is basically Domain Name System Security Extensions which helps to have a better secured internet. The basic benefits of DNSSEC are protecting internet, decreases the vulnerability for attacks and fosters innovation.

For privacy we don't want servers which are logging our traffic.

And finally we want to access all websites without filtering that's why i enabled "Only server without filter".

photo_2021-09-11_21-00-06.jpg

On the "Resolvers"-tab we can see there are about 80 resolvers available. You can choose either the DNSCrypt mode, which is automatic mode, or you can choose resolvers by your own.

For choosing a resolver you click on the resolver f.e. a-and-a (DoH). After choosing a resolver the field of the resolver is green. You can also disable the "Automatic Mode" after you choose minimal one resolver.

photo_2021-09-11_21-02-12.jpg

"Advanced Settings" gives you the opportunity to choose some other settings like DNS Cache, Block IPv6 and Force TCP.

If you click on "manage listen addresses", then you can see the address which DNSCrypt is using. In my case 127.0.0.1 with port 53.

photo_2021-09-11_21-07-24.jpg

To start DNSCrypt click this until it's green.

photo_2021-09-11_21-07-48.jpg

Then click on your Network Card for example Ethernet to enable it.

Let's head over to Linux.
photo_2021-09-11_21-12-42.jpg

Open /etc/dnscrypt-proxy/dnscrypt-proxy.toml with your favorite text editor and root privileges.

Search the line that begins with "server_names". You can add in this line your resolver.

A supported list of servers can be found here:

Just copy the name and write it like:
Code:
server_names = ['adguard-dns']

Let's restart the service:
Code:
sudo systemctl restart dnscrypt-proxy

To setup DNSCrypt as DNS service, you can use resolvconf.
Code:
sudo subl /etc/resolv.conf

Just paste this value:
Code:
nameserver 127.0.2.1

You can add a # before the other lines to comment them out.

For resolvconf change or add the dns-nameservers line for your interface in /etc/network/interfaces
Code:
sudo subl /etc/network/interfaces
dns-nameservers 127.0.2.1

Finally restart the services:
Code:
sudo systemctl restart networking
sudo systemctl restart resolvconf

If you don't understand the setup process, you can check the installation wiki of dnscrypt-proxy
 
Top