LinuxQuestions.org
Old 02-21-2012, 02:07 AM   #1
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid
Posts: 4,732
Blog Entries: 12

DNSCrypt


Encrypt DNS Traffic In Linux With DNSCrypt (Via OpenDNS) ~ Web Upd8: Ubuntu / Linux blog : http://www.webupd8.org/2012/02/encry...inux-with.html

Start DNSCrypt at boot.
Quote:
nano /etc/init.d/dnscrypt.sh
Paste:

#!/bin/sh
### BEGIN INIT INFO
# Provides: dnscrypt
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: DNSCrypt for OpenDNS
# Description: Launch the dnscrypt to communicate with OpenDNS
### END INIT INFO

# Launch the proxy only for "start", so a "stop" call at shutdown does not start it again.
case "$1" in
  start)
    /usr/sbin/dnscrypt-proxy --daemonize
    ;;
esac

Save then:
cd /etc/init.d/
chmod +x dnscrypt.sh
update-rc.d dnscrypt.sh defaults
update-rc.d dnscrypt.sh enable

Configure your connection manager to use 127.0.0.1 as DNS and now it should work.
Tested, it works with no problems here.

You can download the actual package from the OpenDNS blog.
OpenDNS Community > Blog > Tales from the DNSCrypt: Linux Rising : http://blog.opendns.com/2012/02/16/t...-linux-rising/

Last edited by craigevil; 02-21-2012 at 02:09 AM.
 
Old 02-21-2012, 02:23 AM   #2
k3lt01
Senior Member
 
Registered: Feb 2011
Location: Australia
Distribution: Debian Wheezy, Jessie, Sid/Experimental, playing with Slackware 14.
Posts: 2,459

Thanks for posting this, I've bookmarked the article and will give it a go tomorrow sometime.
 
Old 02-23-2012, 07:36 PM   #3
craigevil
Really surprised more people haven't commented on this.

For me at least it is just one more step in being safe, secure, and more or less anonymous.

dnscrypt+tor+HTTPS Everywhere(SSL)

Added the info about DNSCrypt to my blog post:
Security and Privacy on the Internet - LinuxQuestions.org : http://www.linuxquestions.org/questi...internet-3080/
 
Old 02-24-2012, 04:34 AM   #4
the trooper
Senior Member
 
Registered: Jun 2006
Location: England
Distribution: Debian Testing/Unstable Amd64
Posts: 1,471

Working for me here.
Had to use the .deb file you linked to.
The only other thing I had to do was re-start my router.
Thanks craigevil.
 
Old 03-02-2012, 07:30 PM   #5
craigevil
Post in antiX forum that goes into way more detail on how to use DNSCrypt with the unbound DNS cache.

antiX-forum - View topic - Secure DNS with DNScrypt - http://antix.freeforums.org/post23679.html#p23679
 
Old 03-13-2012, 05:37 PM   #6
the trooper
Seems I may have spoken too soon. Lost DNS resolution with dns crypt.
I could ping on IP address, just not on a URL.
Removed the dns crypt .deb and re-configured my router accordingly.
Not reliable enough for me.
 
Old 03-13-2012, 06:05 PM   #7
craigevil

Quote:
Originally Posted by the trooper
Seems I may have spoken too soon. Lost DNS resolution with dns crypt.
I could ping on IP address, just not on a URL.
Removed the dns crypt .deb and re-configured my router accordingly.
Not reliable enough for me.

No issues with it here. Although just to be on the safe side I do have the normal OpenDNS nameservers in my resolv.conf

Code:
  cat /etc/resolv.conf
nameserver 127.0.0.1
nameserver 208.67.220.220
nameserver 208.67.222.222
Using dig I receive an instant response.
Code:
 $ dig @127.0.0.1 www.yahoo.com

; <<>> DiG 9.8.1-P1 <<>> @127.0.0.1 www.yahoo.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22767
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: Messages has 101 extra bytes at end

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.yahoo.com.                 IN      A

;; ANSWER SECTION:
www.yahoo.com.          125     IN      CNAME   fp3.wg1.b.yahoo.com.
fp3.wg1.b.yahoo.com.    9       IN      CNAME   any-fp3-lfb.wa1.b.yahoo.com.
any-fp3-lfb.wa1.b.yahoo.com. 17 IN      CNAME   any-fp3-real.wa1.b.yahoo.com.
any-fp3-real.wa1.b.yahoo.com. 17 IN     A       98.139.183.24
any-fp3-real.wa1.b.yahoo.com. 17 IN     A       209.191.122.70

;; Query time: 49 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Mar 13 19:04:13 2012
;; MSG SIZE  rcvd: 256
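
Editor's added example (not part of any post in this thread): the glibc resolver tries the `nameserver` lines in resolv.conf in order and moves to the next one when a server does not answer, so any non-loopback entry listed after 127.0.0.1 receives ordinary unencrypted DNS whenever dnscrypt-proxy is down or slow. The check below flags such entries; the function names and the sample files are constructed for this illustration.

```shell
#!/bin/sh
# Added example: find nameserver entries in a resolv.conf-style file that
# are not loopback addresses. Queries sent to those bypass dnscrypt-proxy.

# non_loopback_nameservers FILE
# Prints one non-loopback nameserver per line; prints nothing if all are local.
non_loopback_nameservers() {
    awk '
        $1 == "nameserver" && NF >= 2 {
            addr = $2
            # 127.0.0.0/8 and ::1 stay on this host; anything else leaves it
            if (addr ~ /^127\./ || addr == "::1") next
            print addr
        }
    ' "$1"
}

# check_resolv FILE
# Returns 0 when at least one nameserver exists and all are loopback, else 1.
check_resolv() {
    file=$1
    if ! grep -Eq '^[[:space:]]*nameserver[[:space:]]' "$file"; then
        echo "no nameserver lines in $file" >&2
        return 1
    fi
    leaks=$(non_loopback_nameservers "$file")
    if [ -n "$leaks" ]; then
        echo "plaintext fallback resolvers in $file:" >&2
        echo "$leaks" >&2
        return 1
    fi
    return 0
}

# Constructed sample inputs mirroring the two configurations in the thread.
sample_dir=$(mktemp -d)
printf 'nameserver 127.0.0.1\n' > "$sample_dir/local_only"
printf 'nameserver 127.0.0.1\nnameserver 208.67.220.220\nnameserver 208.67.222.222\n' \
    > "$sample_dir/with_fallback"

check_resolv "$sample_dir/local_only" && echo "local_only: OK"
check_resolv "$sample_dir/with_fallback" || echo "with_fallback: plaintext fallback possible"
```

On a live system, run `check_resolv /etc/resolv.conf`; a non-zero exit status means some lookups can still leave the host in the clear.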
 
Old 03-15-2012, 08:27 AM   #8
RobertEachus
Member
 
Registered: Dec 2011
Posts: 32

Why DNSCRYPT?

Ok, so you can encrypt your DNS queries all the way to OpenDNS, who then decrypts all your requests and can log all of your queries by IP address with a nice date and time stamp. Hmmm, don't want to provide this information to OpenDNS or your ISP? Run a full recursion DNS server. Now only the sites you connect to will get the information about when you connected to them; however, someone intercepting the traffic between you and your ISP would still be able to tell where you are going... well, without the DNS information they could still look at all the other traffic and see where it is going (destination IP). So what exactly are we getting by encrypting our DNS traffic?

Don't get me wrong, this is great and I am sure this will find some great applications that I just haven't thought of yet, but so far I haven't thought of them.
 
  


Tags
dns, dnscrypt, dnsmasq, dnsserver, opendns


All times are GMT -5.