
Slackware-14.1-Hacks-DNSCrypt Proxy

Posted 05-19-2014 at 06:52 PM by arniekat

DNSCrypt-Proxy encrypts DNS traffic between your computer and OpenDNS's Name Servers. You will be using OpenDNS's Name Servers instead of your ISP's Domain Name Servers.

In the following case, 192.168.0.1 is the Local Address of the Router/Gateway. Your address may be different. To find your Gateway Address, use the ifconfig command. The address you want is the "inet" entry. Here is a sample:

# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255

If you are using wifi, look for the wlan0 entry if you have configured wireless networking.

You need to compile and install the following applications from SlackBuilds.org:

libsodium-0.4.5
dnscrypt-proxy-1.3.2

To start using DNSCrypt, you need to update your /etc/resolv.conf file. Look at the current contents:

# cat /etc/resolv.conf

search linux.net
nameserver 192.168.0.1

and replace your current set of resolvers with:

search linux.net
nameserver 127.0.0.1

DHCP Note - If you are using DHCP, /etc/resolv.conf will be overwritten the next time you reboot. To keep this from happening, change the file to immutable by doing the following (thanks to ArchLinux Wiki):

# chattr +i /etc/resolv.conf

To check that it worked:

# lsattr /etc/resolv.conf
----i--------e-- /etc/resolv.conf

Place the following two lines at the end of /etc/rc.d/rc.local:

# To start the dnscrypt-proxy
dnscrypt-proxy --daemonize

Save the file, exit, and check that the file is executable:

# ls -al /etc/rc.d/rc.local
-rwxr-xr-x 1 root root 272 Aug 11 2006 /etc/rc.d/rc.local

If it is not executable, change it as follows:

# chmod +x /etc/rc.d/rc.local

Restart your computer and confirm you are using OpenDNS by opening your Web Browser and going to:

http://www.opendns.com/welcome

Double-check by clicking on the internetbadguys link to see if OpenDNS blocks this Phishing Test Page.

If you are using a wireless network manager like NetworkManager or Wicd, you need to change the DNS Server entry from 192.168.0.1 to 127.0.0.1.

Note that if you use the "netstat -lundt" command to keep track of what services are running on your box, you will now have a service running that is listening on Port 53, which is the domain service for DNS.

# netstat -lundt

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
udp 0 0 127.0.0.1:53 0.0.0.0:*
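
The script below is an added example, not part of the original post. It checks the three things this setup depends on: every nameserver in /etc/resolv.conf is 127.0.0.1 (a leftover router entry lets the resolver fall back to unencrypted DNS), the file carries the immutable flag, and something is bound to UDP 127.0.0.1:53. The function names and the SAMPLE_LEAKY input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the DNSCrypt setup above.

# Print every nameserver in a resolv.conf-style file that is not 127.0.0.1.
# Any output means the resolver can fall back to a plaintext upstream.
non_local_nameservers() {
    awk '$1 == "nameserver" && $2 != "127.0.0.1" { print $2 }' "$1"
}

# Succeed only if the file lists at least one nameserver and all are 127.0.0.1.
resolv_conf_ok() {
    awk '$1 == "nameserver" { n++; if ($2 != "127.0.0.1") bad++ }
         END { exit !(n > 0 && bad == 0) }' "$1"
}

# Read `lsattr` output on stdin; succeed if the immutable (i) flag is set.
is_immutable() {
    awk '{ ok = ($1 ~ /i/) } END { exit !ok }'
}

# Read `netstat -lundt` output on stdin; succeed if UDP 127.0.0.1:53 is bound.
proxy_listening() {
    awk '$1 == "udp" && $4 == "127.0.0.1:53" { found = 1 } END { exit !found }'
}

# Run all three checks against the live system (hypothetical helper name).
audit_live() {
    rc=0
    resolv_conf_ok /etc/resolv.conf || { echo "FAIL: non-local nameserver: $(non_local_nameservers /etc/resolv.conf)"; rc=1; }
    lsattr /etc/resolv.conf | is_immutable || { echo "FAIL: /etc/resolv.conf is not immutable"; rc=1; }
    netstat -lundt | proxy_listening || { echo "FAIL: nothing on udp 127.0.0.1:53"; rc=1; }
    return $rc
}

# Constructed sample: a DHCP client has put the router back as a second resolver.
SAMPLE_LEAKY='search linux.net
nameserver 127.0.0.1
nameserver 192.168.0.1'
```

Source the file and run audit_live as root after a reboot; it prints one FAIL line per broken check and returns non-zero if any check failed.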