the itjerk

my adventures with technology

Tag Archives: dnscrypt

dnscrypt2

Spurred on by some recent articles, I decided to switch to dnscrypt2. It’s an improved version, supports a whole slew of things and more resovers.

This was a bit of work, because, stupidly, I disabled dns! Anyway, long story short, I followed the instructions here, and everything worked out okay. I did to issue the following on resolv.conf to get it to ‘stick’:
chattr +i /etc/resolv.conf

desktop:~$ nslookup -type=txt debug.opendns.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
debug.opendns.com text = "server m33.chi"
debug.opendns.com text = "flags 20 0 70 7950800000000000000"
debug.opendns.com text = "originid 0"
debug.opendns.com text = "actype 0"
debug.opendns.com text = "source 23.122.56.207:33649"
debug.opendns.com text = "dnscrypt enabled (714E7A696D657555)"

One the web:
DNScrypt

dnscrypt

Domain Name Service (DNS) is the mechanism by where numeric IP addresses become readable domain names; it’s far easier for me to tell you to visit strawberrybricks.com than a bunch of numbers. When you browse the internet, then, the addresses you type or click on go through a DNS search. Typically, your ISP provides this service, or whomever you get your network connection from – however there is an implicit level of trust involved. Who’s to say that yahoo.com for example, is really yahoo.com? What is the DNS server spoofed the reply? Further, any DNS server can collect a wealth of information by recording your DNS requests. Finally, the speed of your browsing is dependent on how quickly these requests are filled.

Both Google (8.8.8.8) and OpenDNS (208.67.222.222) provide free DNS services that are fast and secure, and supposedly do not track your requests. A third service, Quad9 (9.9.9.9) was very recently launched. Your ISP has a lot of information about you. Switching your DNS to one of these providers is simple (just type them in your router, or network connection), and gives some degree of privacy. Every little bit helps?

DNSCrypt goes one further by encrypting all your DNS requests. It’s an easy enough program to install, available for PC, Mac and Linux, and for routers using DD-WRT. On my Ubuntu box, I needed to install libsodium-dev first, and then was most successful installing DNSCrypt-proxy from source by using the old “configure, make, make install” method with version 1.9.5. Then, you can run it with systemd automatically.

On the web:
DNSCrypt