-
Notifications
You must be signed in to change notification settings - Fork 1k
Home
Fahad Usman edited this page Feb 23, 2018
·
40 revisions
This page is the official wiki and a documentation.
Anybody can update its content and add new pages to make it great and useful.
Here is the list of people who contributed to this documentation so far:
- Christian Hermann (@bitbeans)
- Frank Denis (@jedisct1)
- Sporif
- CHEF-KOCH
- evilvibes
- Fahad Usman(@fahadshery)
Kali
, here is how you could Encrypt your DNS traffic...
-
-
- Goto: https://dnscrypt.info/implementations
- You will find Installation and Downloads links there
-
uname -a
to see if you are running a 32 or 64 bit OS. I will be downloading 64 bit in step 4. - Open terminal in Kali terminal and download :
wget https://github.com/jedisct1/dnscrypt-proxy/releases/download/2.0.1/dnscrypt-proxy-linux_x86_64-2.0.1.tar.gz
- extract downloaded file:
tar xzvf dnscrypt-proxy-linux_x86_64-2.0.1.tar.gz
- get into the extracted folder:
cd linux-x86_64
- copy
.toml
file:cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml
- change ownership:
chown 2000:2000 dnscrypt-proxy.toml
nano dnscrypt-proxy.toml
- You now need to edit
dnscrypt-proxy.toml
file- Look for:
# server_names = ['scaleway-fr', 'google', 'yandex']
- Change to the servers you would like to use and remove the leading
#
. - Example:
server_names = ['google','cisco-ipv6']
- You could use DNS server sources
available at: https://github.com/jedisct1/dnscrypt-proxy/wiki/DNS-server-sources#opennic-servers
- I will be using the Opennic one because some of them don't log dns requests and support dnscrypt like luggs server at opennic, List maintained by Frank Denis at: https://download.dnscrypt.info/dnscrypt-resolvers/v2/opennic.md
-
-
-
To use that list, add this to the `[sources]` section of your `dnscrypt-proxy.toml` configuration file: [sources.'public-resolvers'] url = 'http://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md' minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' cache_file = 'public-resolvers.md'
- Now choose the servers that you wish to use from this
public-resolvers file
- For example I am using:
server_names = ['opennic-famicoman', 'opennic-tumabox', 'opennic-luggs']
-
-
-
- Look for:
- Now we are ready to install and start
dnscrypt-proxy
./dnscrypt-proxy -service install
- we also need to point local name-servers to localhost by:
nano /etc/resolv.conf
- Comment all the lines and add
nameserver 127.0.0.1
and save the file
- Now start the service
./dnscrypt-proxy -service start
-
Did you contribute? Feel free to add your name to the list above!
In somecases if you want to run dnscrypt-proxy as a non-root user you'll get the error "[FATAL] listen udp 0.0.0.0:53: bind: permission denied"
to solve this problem you can run the following command and allow dnscrypt to have access to a low level port :
sudo setcap cap_net_bind_service=+ep $(which dnscrypt-proxy)
- Home
- Installation
- Configuration
- Checking that your DNS traffic is encrypted
- Automatic Updates
- Server sources
- Combining blocklists
- Public Blocklist and other configuration files
- Building from source
- Run your own DNSCrypt server in under 10 minutes
- DNS stamps specifications
- Windows Tips
- dnscrypt-proxy in the media
- Planned Features