How to Encrypt Your DNS With DNSCrypt on Ubuntu and Debian

How to install DNSCrypt on Ubuntu and Debian.

How to configure your DNS server.

How to set DNSCrypt as your system DNS with NetworkManager and with Resolvconf.

[Figure: NetworkManager DNS Configuration.]

Software Requirements and Conventions Used

Software Requirements and Linux Command Line Conventions

Category: Requirements, Conventions or Software Version Used
System: A current version of Debian or Ubuntu
Software: DNSCrypt
Other: A working install of a supported distribution with root privileges.
Conventions:
# - requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ - requires given linux commands to be executed as a regular non-privileged user

Even if you encrypt your traffic with HTTPS or even use a VPN, in some cases your DNS traffic remains open and readily readable to your ISP and the rest of the world. That might not sound like a lot, but it's a major privacy concern. DNS resolves the sites you visit, so reading your DNS records can easily tell the story of your browsing habits.

DNSCrypt encrypts your DNS traffic automatically and sends it to DNS servers that also use encryption. This way, the entire transaction remains encrypted throughout. Not even your ISP will be able to read your DNS lookups to see where you're browsing. DNSCrypt is actually one of the easiest services that you can set up on Linux, so there's really no reason not to use it.

Install DNSCrypt

Begin by installing DNSCrypt. It's already in both Ubuntu and Debian's repositories, so you'll be able to just install it with apt.

$ sudo apt install dnscrypt-proxy

Configure Your DNS Server

There really isn't much that needs to be done in the way of configuration to get DNSCrypt working. Actually, it's probably already working right after your install. You may want to change the DNS server(s) that DNSCrypt connects to, and that's a simple thing to do.

Open /etc/dnscrypt-proxy/dnscrypt-proxy.toml with your favorite text editor and root privileges. Locate the line that begins with server_names. Add any of the names on the supported server list, surrounded by quotes, to the array. The end result should look something like the example below. Cloudflare is a great option if you're not sure what to use.

server_names = ['cloudflare']

Save and exit your file. Then, restart the DNSCrypt service.

$ sudo systemctl restart dnscrypt-proxy

Set DNSCrypt As Your System DNS

While DNSCrypt is running on your system, your computer isn't configured to use it for DNS. That's the next step. The method you use will depend on how your network connection is configured. Most people are using NetworkManager, as that's the default, but if you've set up something custom with a static IP, you can use Resolvconf too.

With NetworkManager

Open up the settings application for your desktop environment. Go to the "Network" section, and open up the connection that you're using. In the configuration window that opens up, look for the IPv4 section. That's usually where you'll find the settings you need.

[Figure: NetworkManager DNS Configuration.]

Under that tab, look for the DNS section, and change any existing servers to 127.0.2.1. Save your changes and exit. Now, restart NetworkManager.

$ sudo systemctl restart NetworkManager

With Resolvconf

If you're using Resolvconf or /etc/resolv.conf to specify your name servers, you can still get set up easily. First, if you're just using a plain text /etc/resolv.conf file, you can change your nameserver line to reflect the local DNSCrypt one.

nameserver 127.0.2.1

[Figure: Resolvconf DNS Configuration.]

For Resolvconf, change or add the dns-nameservers line for your interface in /etc/network/interfaces.

dns-nameservers 127.0.2.1

Go ahead and restart both networking and Resolvconf. If that doesn't work, restart your computer.

$ sudo systemctl restart networking
$ sudo systemctl restart resolvconf

Closing Thoughts

Your DNS should now be fully encrypted. DNSCrypt will run automatically in the background. Because of your configuration, all DNS traffic will be diverted through DNSCrypt, encrypted, and sent out to the server that you specified. This is an easy way to control your DNS, and it's not hard to get running, so there's really no reason not to.
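An added check for the resolver setup described above (not part of the original article): this script audits a resolv.conf file for any nameserver other than the DNSCrypt listener 127.0.2.1, because an extra resolver entry leaves a fallback path for unencrypted queries. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): check that a resolv.conf
# file sends every query to the local DNSCrypt listener from this guide.

# audit_resolv_conf FILE [LISTENER]
# Prints each active nameserver that is not LISTENER (default 127.0.2.1).
# Returns 0 only if at least one nameserver is set and all equal LISTENER.
audit_resolv_conf() {
    file=$1
    listener=${2:-127.0.2.1}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # glibc only honours the keyword at the start of a line, so commented
    # or indented entries are ignored here as well.
    servers=$(awk '/^nameserver[ \t]+[^ \t]/ { print $2 }' "$file")
    if [ -z "$servers" ]; then
        # No explicit entry: libc falls back to its built-in default
        # resolver address, so the listener is not pinned.
        echo "no nameserver entries in $file" >&2
        return 1
    fi

    # Any additional resolver is a fallback path for unencrypted queries.
    bad=$(printf '%s\n' "$servers" | grep -Fxv -- "$listener" || true)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Constructed sample files (hypothetical contents, written to DIR).
make_samples() {
    printf '%s\n' '# managed by hand' 'nameserver 127.0.2.1' > "$1/good.conf"
    printf '%s\n' 'nameserver 127.0.2.1' 'nameserver 192.0.2.53' \
        '#nameserver 198.51.100.1' > "$1/leaky.conf"
    printf '%s\n' 'search example.test' > "$1/empty.conf"
}

# Demo: audit the samples, then the live file if it exists.
tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp/good.conf" "$tmp/leaky.conf" "$tmp/empty.conf" /etc/resolv.conf; do
    [ -e "$f" ] || continue
    if out=$(audit_resolv_conf "$f" 2>&1); then
        echo "OK    $f"
    else
        echo "FAIL  $f: $(echo $out)"
    fi
done
rm -rf "$tmp"
```

On Ubuntu systems where /etc/resolv.conf lists 127.0.0.53, that address is the systemd-resolved stub, so the check reports it and the upstream servers configured in systemd-resolved need to be reviewed separately.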