DNSCrypt encrypts your DNS traffic automatically, so the entire DNS query remains encrypted. In many countries with restricted internet access, the ISP blocks access to some websites, for example Facebook, YouTube, etc.; this can be avoided by using DNSCrypt.
Advantages of DNSCrypt
– Prevent DNS Hijacking
– Faster
– Cannot be MITM'd by the ISP
– Can use UDP and TCP for transport
Install Dependencies
Install the required packages
sudo apt install wget tar -y
Install and Configure DNSCrypt
Download the latest version of DNSCrypt
wget https://github.com/DNSCrypt/dnscrypt-proxy/releases/download/2.0.44/dnscrypt-proxy-linux_x86_64-2.0.44.tar.gz
Extract DNSCrypt Proxy
sudo tar zxvf dnscrypt-proxy-linux_x86_64-2.0.44.tar.gz -C /opt/
Copy config file
sudo cp /opt/linux-x86_64/example-dnscrypt-proxy.toml /opt/linux-x86_64/dnscrypt-proxy.toml
Install DNSCrypt
sudo /opt/linux-x86_64/dnscrypt-proxy -service install
Enable DNSCrypt Proxy on boot
sudo systemctl enable dnscrypt-proxy
Start DNSCrypt Proxy
sudo systemctl start dnscrypt-proxy
To let the LAN use this DNSCrypt, change listen_addresses in /opt/linux-x86_64/dnscrypt-proxy.toml to include your computer's IP, from
listen_addresses = ['127.0.0.1:53']
to
listen_addresses = ['127.0.0.1:53', '192.168.1.2:53']
My LAN IP range is 192.168.1.0/24, and my home server has the static IP 192.168.1.2. To enable this by default for all users, you can change your router's DNS to this IP, but remember that the computer must be running 24/7; if it is not, no one will be able to connect to the internet because the DNS server is down.
For example, setting the default DNS on a Mikrotik router
Testing DNSCrypt Proxy
To make sure everything is working as expected, we need to test our DNSCrypt Proxy.
1. Without DNSCrypt
Run the following command to test DNS resolution using the default DNS server on your computer.
sudo /opt/linux-x86_64/dnscrypt-proxy -resolve atetux.com
2. With DNSCrypt
First change DNS to DNSCrypt
echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf
Test resolving the domain
sudo /opt/linux-x86_64/dnscrypt-proxy -resolve atetux.com
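The two settings this guide changes, listen_addresses and /etc/resolv.conf, can be checked offline with a short script. This is an added example, not part of the original post or of dnscrypt-proxy; the function names, the PROXY_ADDR variable and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline checks for the two settings this guide changes.
PROXY_ADDR="${PROXY_ADDR:-127.0.0.1}"   # assumption: the proxy's listen IP

# Print every nameserver in a resolv.conf-style file that is not PROXY_ADDR.
# Commented-out lines are skipped because their first field is not "nameserver".
stray_nameservers() {
    awk -v want="$PROXY_ADDR" \
        '$1 == "nameserver" && NF >= 2 && $2 != want { print $2 }' "$1"
}

# Succeed only if the file has a nameserver line and none bypass the proxy.
# Returns 2 when there is no nameserver line at all.
resolv_uses_proxy() {
    [ -n "$(awk '$1 == "nameserver"' "$1")" ] || return 2
    [ -z "$(stray_nameservers "$1")" ]
}

# Print listen_addresses entries in a dnscrypt-proxy.toml that lack ":port".
listen_missing_port() {
    sed -n 's/^[[:space:]]*listen_addresses[[:space:]]*=[[:space:]]*\[\(.*\)\].*/\1/p' "$1" |
        tr ',' '\n' | tr -d "' \"" | awk 'NF && $0 !~ /:[0-9]+$/'
}

# Constructed sample files (not captured from a real host).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# set by DHCP' 'nameserver 192.168.1.1' \
        'nameserver 127.0.0.1' > "$d/resolv.dhcp"
    printf '%s\n' 'nameserver 127.0.0.1' > "$d/resolv.ok"
    printf '%s\n' "listen_addresses = ['127.0.0.1:53', '192.168.1.2']" \
        > "$d/proxy.toml"
    for f in "$d/resolv.dhcp" "$d/resolv.ok"; do
        if resolv_uses_proxy "$f"; then
            echo "${f##*/}: all queries go to $PROXY_ADDR"
        else
            echo "${f##*/}: bypasses proxy via $(stray_nameservers "$f" | tr '\n' ' ')"
        fi
    done
    echo "listen entries without a port: $(listen_missing_port "$d/proxy.toml")"
    rm -rf "$d"
}
demo
```

An entry such as 127.0.0.53 (the systemd-resolved stub) is also reported as stray, because it is a loopback address but not the proxy's.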
Thanks, it works, now I have the latest package. But still unable to access PHub, don't know
What's the output of
```
sudo /opt/linux-x86_64/dnscrypt-proxy -resolve DOMAIN.com
```
Nah, it actually works, but I need to run the "echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf" command every time I plug in the tethering cable.
If you want that to be permanent, after running the echo command above, set
sudo chattr +i /etc/resolv.conf
so no one can change these values. To reset the setting:
sudo chattr -i /etc/resolv.conf
Another solution is to set it on the router, which is responsible for the DHCP server.