Skip to content
Fahad Usman edited this page Feb 23, 2018 · 40 revisions


This page is the official wiki and a documentation.

Anybody can update its content and add new pages to make it great and useful.

Here is the list of people who contributed to this documentation so far:

Setting it up on Kali Linux

If you are using Kali, here is how you could Encrypt your DNS traffic...
      1. Goto: https://dnscrypt.info/implementations
      2. You will find Installation and Downloads links there
      3. uname -a to see if you are running a 32 or 64 bit OS. I will be downloading 64 bit in step 4.
      4. Open terminal in Kali terminal and download : wget https://github.com/jedisct1/dnscrypt-proxy/releases/download/2.0.1/dnscrypt-proxy-linux_x86_64-2.0.1.tar.gz
      5. extract downloaded file: tar xzvf dnscrypt-proxy-linux_x86_64-2.0.1.tar.gz
      6. get into the extracted folder: cd linux-x86_64
      7. copy .toml file: cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml
      8. change ownership: chown 2000:2000 dnscrypt-proxy.toml
      9. nano dnscrypt-proxy.toml
      10. You now need to edit dnscrypt-proxy.toml file
        1. Look for: # server_names = ['scaleway-fr', 'google', 'yandex']
        2. Change to the servers you would like to use and remove the leading #.
        3. Example: server_names = ['google','cisco-ipv6']
        4. You could use DNS server sources available at: https://github.com/jedisct1/dnscrypt-proxy/wiki/DNS-server-sources#opennic-servers
        5. I will be using the Opennic one because some of them don't log dns requests and support dnscrypt like luggs server at opennic, List maintained by Frank Denis at: https://download.dnscrypt.info/dnscrypt-resolvers/v2/opennic.md
              1. To use that list, add this to the `[sources]` section of your
                `dnscrypt-proxy.toml` configuration file:
                    [sources.'public-resolvers']
                    url = 'http://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
                    minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
                    cache_file = 'public-resolvers.md'
              2. Now choose the servers that you wish to use from this public-resolvers file
              3. For example I am using: server_names = ['opennic-famicoman', 'opennic-tumabox', 'opennic-luggs']
      11. Now we are ready to install and start dnscrypt-proxy
      12. ./dnscrypt-proxy -service install
      13. we also need to point local name-servers to localhost by:
        1. nano /etc/resolv.conf
        2. Comment all the lines and add nameserver 127.0.0.1 and save the file
      14. Now start the service ./dnscrypt-proxy -service start
Now if you fireup the wireshark, and log the DNS traffic, it has been encrypted

Did you contribute? Feel free to add your name to the list above!

Clone this wiki locally