the itjerk

my adventures with technology

Tag Archives: dns

dnscrypt2

Spurred on by some recent articles, I decided to switch to dnscrypt2. It’s an improved version, supports a whole slew of things and more resolvers.

This was a bit of work, because, stupidly, I disabled dns! Anyway, long story short, I followed the instructions here, and everything worked out okay. I did have to issue the following on resolv.conf to get it to ‘stick’:
chattr +i /etc/resolv.conf

desktop:~$ nslookup -type=txt debug.opendns.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
debug.opendns.com text = "server m33.chi"
debug.opendns.com text = "flags 20 0 70 7950800000000000000"
debug.opendns.com text = "originid 0"
debug.opendns.com text = "actype 0"
debug.opendns.com text = "source 23.122.56.207:33649"
debug.opendns.com text = "dnscrypt enabled (714E7A696D657555)"
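
The check above can be scripted so it fails loudly when resolv.conf has been rewritten or the local resolver is not actually using DNSCrypt. This is an added example, not part of the original post; the function name, exit codes and the two failing sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample outputs are constructed,
# modelled on the nslookup transcript in the post.
# Live use: nslookup -type=txt debug.opendns.com | check_dnscrypt

# Reads `nslookup -type=txt debug.opendns.com` output on stdin.
# Returns 0: answered via a loopback resolver and OpenDNS reports DNSCrypt.
#         1: answering server is not loopback (resolv.conf was replaced).
#         2: loopback resolver, but no "dnscrypt enabled" TXT record.
check_dnscrypt() {
    awk '
        /^Server:/                  { server = $2 }
        /text = "dnscrypt enabled/  { enabled = 1 }
        END {
            if (server !~ /^(127\.|::1$)/) exit 1
            if (!enabled) exit 2
        }'
}

sample_proxy() {   # shape of the working output shown in the post
cat <<'EOF'
Server: 127.0.0.1
Address: 127.0.0.1#53

debug.opendns.com text = "server m33.chi"
debug.opendns.com text = "dnscrypt enabled (714E7A696D657555)"
EOF
}

sample_bypass() {  # constructed: resolv.conf points at the router again
cat <<'EOF'
Server: 192.168.1.1
Address: 192.168.1.1#53

debug.opendns.com text = "server m33.chi"
EOF
}

sample_plain() {   # constructed: local stub resolver, no DNSCrypt upstream
cat <<'EOF'
Server: 127.0.0.53
Address: 127.0.0.53#53

debug.opendns.com text = "server m33.chi"
EOF
}

for s in sample_proxy sample_bypass sample_plain; do
    rc=0; "$s" | check_dnscrypt || rc=$?
    echo "$s -> exit $rc"
done
```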

On the web:
DNScrypt

dnscrypt

Domain Name Service (DNS) is the mechanism by which numeric IP addresses become readable domain names; it’s far easier for me to tell you to visit strawberrybricks.com than a bunch of numbers. When you browse the internet, then, the addresses you type or click on go through a DNS search. Typically, your ISP provides this service, or whoever you get your network connection from – however, there is an implicit level of trust involved. Who’s to say that yahoo.com, for example, is really yahoo.com? What if the DNS server spoofed the reply? Further, any DNS server can collect a wealth of information by recording your DNS requests. Finally, the speed of your browsing is dependent on how quickly these requests are filled.

Both Google (8.8.8.8) and OpenDNS (208.67.222.222) provide free DNS services that are fast and secure, and supposedly do not track your requests. A third service, Quad9 (9.9.9.9) was very recently launched. Your ISP has a lot of information about you. Switching your DNS to one of these providers is simple (just type them in your router, or network connection), and gives some degree of privacy. Every little bit helps?

DNSCrypt goes one further by encrypting all your DNS requests. It’s an easy enough program to install, available for PC, Mac and Linux, and for routers using DD-WRT. On my Ubuntu box, I needed to install libsodium-dev first, and then was most successful installing DNSCrypt-proxy from source by using the old “configure, make, make install” method with version 1.9.5. Then, you can run it with systemd automatically.

On the web:
DNSCrypt

dns, search engines and browsing

Secure browsing is much more than clearing your browser’s cache when done surfing. While Tor Browser isn’t for everyone, two quick and easy things I recommend are using DuckDuckGo as your default search engine and switching to either GoogleDNS or OpenDNS for your web browsing. And use a modern, up to date browser!

DuckDuckGo bills itself as “the search engine that doesn’t track you”, which is reason enough to switch. The search engine results are very good, but even better, the use of bangs (!) allows searches directly on thousands of sites, including encrypted searches on Google (g!). Plus, it’s easy to install as the default engine on your browser.

DNS servers help resolve domain names to their numeric IP addresses. Most ISPs’ DNS is notorious for being spotty, and of course, not very private. Using either Google’s or OpenDNS’s can speed up your browsing, protect from DNS hijacking, and offer protection from phishing. There’s a lot more to using these services than I’ll write, but just entering them into your router is the place to start.

Remember, however, that browsing security also ends with one’s exit on the web. Subject for another time…

On the web:
DuckDuckGo
Google Public DNS
OpenDNS

dynamic dns

Most internet providers, heck, most internet connections are dynamic. Your device gets assigned an IP address when it asks for one. Sometimes it’s the same, but more often than not it might be different. DNS works by resolving a hostname like wordpress.com to an IP address, so every time you type in wordpress.com you go to the same place.

For home computers, this can be problematic. Enter Dynamic DNS services. Every time your IP address changes, the Dynamic DNS service updates the “a record” with the new number so it can continue to resolve. Routers usually have sections to do this, which is good, because they’ll get notified first. It can also be done with other applications, or even with something like cron.

I’ve used DynDns for many years, but they’ve gone from a free service, to a paid service. Even though $5/mo might not seem like a lot, it’s a lot when you have free options. Enter DuckDNS. Although not that extensible, it’s a free service and provides exactly what I need, for free.

On the web:
http://www.duckdns.org/