This relates to my previous post regarding opendns, google & various ISPs within the UK. I thought I’d make this post as a lot of people don’t realise it is possible to use dnscrypt with other providers.
Reasons to drop opendns:
- everything is logged
- opendns control, change & block (without you knowing)
- opendns guide
Why use opendns when they log everything and seem to be striking deals with other companies to change things on live networks?
Then there is the opendns guide: when you try a URL that does not exist, opendns redirects you to their guide. This may seem OK, but it is VERY annoying if you are working on the CLI, as you don’t get the expected errors, e.g. ‘unknown host’. The opendns guide also has at least 4 analytics scripts running, logging your requests.
Changing the dnscrypt provider is pretty easy. Details of various providers can be found on dnscrypt.org and the dnscrypt-proxy github.
It’s also possible to set up dnscrypt on your own nameserver using dnscrypt-wrapper.
setup dnscrypt on linux
If you installed dnscrypt using the default package manager there should be a config file within conf.d. All you need to do is edit this file and replace the relevant lines.
See example config below.
DNSCRYPT_LOCALIP=127.0.0.1
DNSCRYPT_LOCALPORT=53
DNSCRYPT_USER=nobody
DNSCRYPT_PROVIDER_NAME=2.dnscrypt-cert.resolver1.dnscrypt.eu
DNSCRYPT_PROVIDER_KEY=67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66
DNSCRYPT_RESOLVERIP=18.104.22.168
DNSCRYPT_RESOLVERPORT=443
To apply this, just restart the daemon (or just reboot) and make sure you have your local nameserver set to 127.0.0.1 (/etc/resolv.conf).
You can also see the status of dnscrypt with ‘systemctl status dnscrypt-proxy’ or ‘service dnscrypt-proxy status’ (depending on your version of Linux).
Apr 07 15:58:50 dnscrypt-proxy: [INFO] Initializing libsodium for optimal performance
Apr 07 15:58:50 dnscrypt-proxy: [INFO] Generating a new key pair
Apr 07 15:58:50 dnscrypt-proxy: [INFO] Done
Apr 07 15:58:50 dnscrypt-proxy: [INFO] Server certificate #808464433 received
Apr 07 15:58:50 dnscrypt-proxy: [INFO] This certificate looks valid
Apr 07 15:58:50 dnscrypt-proxy: [INFO] Chosen certificate #808464433 is valid from [2013-10-22] to [2014-10-22]
Apr 07 15:58:50 dnscrypt-proxy: [INFO] Server key fingerprint is 923B:5...1:E253
Apr 07 15:58:50 dnscrypt-proxy: [INFO] Proxying from 127.0.0.1:53 to 22.214.171.124:2053
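A quick way to check the Linux steps above before restarting the daemon, as an added example that is not part of the original post or of dnscrypt-proxy itself. The function names and script name are hypothetical, and the key and name formats it expects are assumptions taken from the example config above.

```sh
#!/bin/sh
# Added example (not from the original post): sanity-check the dnscrypt-proxy
# conf.d file and resolv.conf after switching provider.
# Usage: sh check_dnscrypt.sh CONF_FILE RESOLV_FILE   (script name is hypothetical)

# Print the value of KEY=value from a file (last assignment wins, quotes dropped).
conf_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"'"
}

# Prints one line per problem; the return status is the number of problems.
check_dnscrypt_conf() {
    conf=$1 resolv=$2 problems=0
    localip=$(conf_get DNSCRYPT_LOCALIP "$conf")
    localip=${localip:-127.0.0.1}
    name=$(conf_get DNSCRYPT_PROVIDER_NAME "$conf")
    key=$(conf_get DNSCRYPT_PROVIDER_KEY "$conf")

    # Provider key: 16 colon-separated groups of 4 hex digits, as in the post.
    if ! printf '%s\n' "$key" | grep -Eq '^([0-9A-Fa-f]{4}:){15}[0-9A-Fa-f]{4}$'; then
        echo "DNSCRYPT_PROVIDER_KEY is not 16 groups of 4 hex digits"
        problems=$((problems + 1))
    fi
    # Provider name: expected to start with "2.dnscrypt-cert.".
    case $name in
        2.dnscrypt-cert.?*) ;;
        *) echo "DNSCRYPT_PROVIDER_NAME lacks the 2.dnscrypt-cert. prefix"
           problems=$((problems + 1)) ;;
    esac
    # A leftover OpenDNS provider name means the switch did not take.
    case $name in
        *opendns*) echo "provider is still OpenDNS"; problems=$((problems + 1)) ;;
    esac
    # Every nameserver in resolv.conf must be the proxy's local address,
    # otherwise lookups can bypass dnscrypt-proxy and leave unencrypted.
    ns=$(awk '$1 == "nameserver" { print $2 }' "$resolv")
    [ -n "$ns" ] || { echo "no nameserver line in $resolv"; problems=$((problems + 1)); }
    for n in $ns; do
        [ "$n" = "$localip" ] && continue
        echo "nameserver $n bypasses dnscrypt-proxy"
        problems=$((problems + 1))
    done
    return "$problems"
}

if [ "$#" -eq 2 ]; then check_dnscrypt_conf "$1" "$2"; fi
```

A second nameserver line in /etc/resolv.conf is the usual reason dnsleaktest.com still shows the ISP resolver after the switch.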
setup dnscrypt on windows
The best guide for windows setup can be found on the dnscrypt-proxy github.
update: this tool makes windows configuration easy
You can test if this has applied by going to: dnsleaktest.com
related info: DNSCurve