Securing DNS Communication: dnscrypt-proxy

2017-01-02T06:04:03
ID N0WHERE:32295
Type n0where
Reporter N0where
Modified 2017-01-02T06:04:03

Description

dnscrypt-proxy is a flexible DNS proxy. It runs on your computer or router, and can locally block unwanted content, reveal where your devices are silently sending data, make applications feel faster by caching DNS responses, and improve security and confidentiality by communicating with upstream DNS servers over secure channels.

Setting up dnscrypt-proxy

  1. Save a copy of the example-dnscrypt-proxy.toml configuration file, adjusted to your needs, as dnscrypt-proxy.toml.
  2. Make sure that nothing else is already listening on port 53 on your system and run (in a console with elevated privileges on Windows) the dnscrypt-proxy application. Change your DNS settings to the configured IP address and check that everything works as expected. A DNS query for resolver.dnscrypt.info should return one of the chosen DNS servers instead of your ISP’s resolver.
  3. Register as a system service (see below).

Installing as a system service (Windows, Linux, MacOS)

With administrator privileges, type dnscrypt-proxy -service install to register dnscrypt-proxy as a system service, and dnscrypt-proxy -service start to start it. On Windows, this is not even required: you can just double-click on server-install.bat to install the service. Done. It will automatically start at boot.

This setup procedure is compatible with Windows, Linux (systemd, Upstart, SysV), and macOS (launchd).

Other commands include stop, restart (useful after a configuration change) and uninstall.

Running it as a non-root user on Linux

The following command adds the required attributes to the dnscrypt-proxy file so that it can run as a non-root user:

sudo setcap cap_net_bind_service=+pe dnscrypt-proxy
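The two Linux checks implied above (nothing else bound to port 53 before the proxy starts, and the capability actually present after setcap) can be scripted. This is an added example, not part of dnscrypt-proxy; the function names and the sample ss/getcap lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for the setup steps above (Linux).
# Sample inputs below are constructed, not captured from a real host.

# Print every socket bound to port 53 from `ss -H -lntup` output on stdin.
# Columns: Netid State Recv-Q Send-Q Local:Port Peer:Port [Process]
port53_listeners() {
    awk '$5 ~ /:53$/ { print $1, $5, (NF >= 7 ? $7 : "-") }'
}

# Succeed only if a `getcap` output line grants cap_net_bind_service with
# both the effective (e) and permitted (p) flags, as the setcap command sets.
# Accepts the old "file = cap+ep" and the newer "file cap=ep" output styles.
has_bind_cap() {
    flags=$(printf '%s\n' "$1" |
        sed -n 's/.*cap_net_bind_service[+=]\([eip]*\).*/\1/p')
    case "$flags" in *e*) ;; *) return 1 ;; esac
    case "$flags" in *p*) ;; *) return 1 ;; esac
}

# Constructed sample: a stub resolver already owns 127.0.0.53:53, while the
# mDNS socket on 5353 must not be reported as a conflict.
SAMPLE_SS='udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=13))
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=612,fd=14))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
udp UNCONN 0 0 [::]:5353 [::]:* users:(("avahi-daemon",pid=700,fd=13))'

echo "Port 53 conflicts in the sample:"
printf '%s\n' "$SAMPLE_SS" | port53_listeners

for line in 'dnscrypt-proxy = cap_net_bind_service+ep' \
            'dnscrypt-proxy cap_net_bind_service=p' \
            ''; do
    if has_bind_cap "$line"; then
        echo "ok:      ${line}"
    else
        echo "missing: ${line:-<no capabilities>}"
    fi
done

# On a live host: ss -H -lntup | port53_listeners
#                 has_bind_cap "$(getcap ./dnscrypt-proxy)"
```

File capabilities are stored on the binary itself, so replacing the dnscrypt-proxy file during an upgrade drops them; rerun the capability check after every update.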
