How to Encrypt Your DNS With DNSCrypt on Ubuntu and Debian - LinuxConfig.org


#1
Even if you encrypt your traffic with HTTPS or even use a VPN, in some cases, your DNS traffic remains open and readily readable to your ISP and the rest of the world.
This is a companion discussion topic for the original entry at https://linuxconfig.org/how-to-encrypt-your-dns-with-dnscrypt-on-ubuntu-and-debian

#2

Thanks for this tutorial. How can this be used with IPv6?

TIA


#3

Tried to follow this on Ubuntu 18.04.1 LTS, but needed some alterations:

  • The configuration file is /etc/dnscrypt-proxy/dnscrypt-proxy.conf
  • The server option is called ResolverName, not server_names.
  • The configuration is already set to a specific value ‘fvz-anyone’ (not sure if it takes multiple values).
  • This value ‘fvz-anyone’ is not listed on the page linked in the article.
  • There is a csv file that lists permitted values at a link I cannot post as a new user.
  • In this list, ‘cloudflare’ does not occur.

Apparently very divergent versions exist…?


#4

Your queries are fully encrypted, but the DNSCrypt server that you are using can still see exactly what it is that you are querying for.


#5

Yes, very divergent versions exist, because the first developer doesn’t maintain it anymore. The version that is being maintained now is called dnscrypt-proxy 2, maintained by jedisct1. (I can’t link the GitHub repository because I just registered; you can find it easily with Google.)


#6

That’s why the software has a list of servers. If you test dnscrypt-proxy with something like dnsleaktest, you can see it uses many different DNS servers.

(You can argue that the list is hosted on a GitHub repository, but you can always configure it to use other servers.)