Journal of dabblings in Linux and Software Engineering
Saturday, 8 June 2013
Setting up dnscrypt on Fedora
DNSCrypt is a free service by OpenDNS that provides encrypted DNS lookups. If you are concerned about man-in-the-middle attacks, data collection/spying by various entities or ad injections by unscrupulous ISPs, encrypting your DNS lookups is a good starting point. Bear in mind that just encrypting your DNS lookups will not make you secure online. It has to be used in conjunction with a lot of other tools and services if you really want to safeguard your privacy.
tar xvf dnscrypt-proxy-1.3.0.tar.gz && cd dnscrypt-proxy-1.3.0
./configure
make -j4
sudo make install
Create a new system user to run the service:
sudo adduser -m -N -r -s /bin/false dnscrypt
Now start the service in the foreground to make sure everything is working:
sudo dnscrypt-proxy -u dnscrypt
Change your system DNS server to 127.0.0.1. There are many ways to do this. The adventurous can edit the appropriate script in /etc/sysconfig/network-scripts/. If you don't have NetworkManager installed, editing /etc/resolv.conf would work too. Gnome users: click on the network icon, click 'Network Settings', select the connection and click 'Options'. Then in the 'IPv4 Settings' tab, set the 'Method' to 'Automatic (DHCP) Addresses Only' and type in 127.0.0.1 in the 'DNS Servers' text box.
Restart the network service for the DNS server changes to take effect:
sudo systemctl restart network.service
Now you can verify that the changes have taken effect by running dig google.com and checking the output for the line: SERVER: 127.0.0.1#53(127.0.0.1). Alternatively, navigate to http://www.opendns.com/welcome/ using a web browser. The screen will tell you whether you are using OpenDNS or not.
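The verification step above can also be scripted. The following is an added example, not part of the original post: it flags any non-loopback nameserver left in /etc/resolv.conf (for example one pushed by DHCP), which would let lookups bypass dnscrypt-proxy unencrypted, and it checks the SERVER line that dig reports. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that DNS lookups can only go to a local resolver.
# A loopback answer shows the query stayed on this host; it does not prove
# that the listener on 127.0.0.1 is dnscrypt-proxy itself.

# Succeed for an IPv4 loopback address or ::1.
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print every nameserver in a resolv.conf-style file that is not loopback.
# Any output means some lookups can still leave the machine in plaintext.
leaking_nameservers() {
    file="${1:-/etc/resolv.conf}"
    # The "|| [ -n ... ]" part handles a last line without a trailing newline.
    while read -r keyword addr rest || [ -n "$keyword" ]; do
        [ "$keyword" = "nameserver" ] || continue
        is_loopback "$addr" || printf '%s\n' "$addr"
    done < "$file"
}

# Read dig output on stdin and print the server that answered, taken from
# the ";; SERVER: 127.0.0.1#53(127.0.0.1)" line.
dig_server() {
    sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' | head -n 1
}

# Full check: resolv.conf lists only loopback resolvers and dig was
# answered by one. Returns non-zero and explains why on failure.
check_dns_path() {
    leaks=$(leaking_nameservers "${1:-/etc/resolv.conf}")
    if [ -n "$leaks" ]; then
        echo "non-local nameserver(s) configured: $leaks" >&2
        return 1
    fi
    server=$(dig google.com | dig_server)
    if ! is_loopback "$server"; then
        echo "dig was answered by: ${server:-nothing}" >&2
        return 1
    fi
}

# Run the live check only when asked to: sh check_dns.sh --check
if [ "${1:-}" = "--check" ]; then check_dns_path; fi
```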
To run the dnscrypt-proxy service on system startup, create a systemd service as follows:
As root, create the file /etc/systemd/system/dnscrypt.service with the following content:
Now the dnscrypt service will start automatically on every boot. You can manually start or stop the service by issuing the usual systemctl commands as well.