Slackware-14.1-Hacks-DNSCrypt Proxy
Posted 05-19-2014 at 06:52 PM by arniekat
DNSCrypt-Proxy encrypts DNS traffic between your computer and OpenDNS's Name Servers. You will be using OpenDNS's Name Servers instead of your ISP's Domain Name Servers.
In the following case, 192.168.0.1 is the Local Address of the Router/Gateway. Your address may be different. To find your Gateway Address, use the ifconfig command. The address you want is the "inet" entry. Here is a sample:
# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255
If you are using wifi and have configured wireless networking, look for the wlan0 entry instead.
You need to compile and install the following applications from SlackBuilds.org:
libsodium-0.4.5
dnscrypt-proxy-1.3.2
To start using DNSCrypt, you need to update your /etc/resolv.conf file. Check its current contents:
# cat /etc/resolv.conf
search linux.net
nameserver 192.168.0.1
and replace your current set of resolvers with:
search linux.net
nameserver 127.0.0.1
DHCP Note - If you are using DHCP, /etc/resolv.conf will be overwritten the next time you reboot. To keep this from happening, make the file immutable by doing the following (thanks to ArchLinux Wiki):
# chattr +i /etc/resolv.conf
To check that it worked:
# lsattr /etc/resolv.conf
----i--------e-- /etc/resolv.conf
Place the following two lines at the end of /etc/rc.d/rc.local:
# To start the dnscrypt-proxy
dnscrypt-proxy --daemonize
Save the file, exit, and check that the file is executable:
# ls -al /etc/rc.d/rc.local
-rwxr-xr-x 1 root root 272 Aug 11 2006 /etc/rc.d/rc.local
If it is not executable, change it as follows:
# chmod +x /etc/rc.d/rc.local
Restart your computer and confirm you are using OpenDNS by opening your Web Browser and going to:
http://www.opendns.com/welcome
Double-check by clicking on the internetbadguys link to see if OpenDNS blocks this Phishing Test Page.
If you are using a wireless network manager like NetworkManager or Wicd, you need to change the DNS Server entry from 192.168.0.1 to 127.0.0.1.
Note that if you use the "netstat -lundt" command to keep track of what services are running on your box, you will now see a service listening on Port 53, which is the domain (DNS) service.
# netstat -lundt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
udp 0 0 127.0.0.1:53 0.0.0.0:*
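The checks described above can be scripted. The following is an added example, not part of the original post: the function names are made up for illustration, and the rule that port 53 should be bound only to 127.0.0.1 is an assumption taken from the netstat output shown above.

```shell
#!/bin/sh
# Added example (not from the original post): checks for the end state of the
# steps above. Each function reads text on stdin so it can be tried offline.

# Every "nameserver" line must be 127.0.0.1, and at least one must exist.
resolv_ok() {
    awk '$1 == "nameserver" { n++; if ($2 != "127.0.0.1") bad++ }
         END { if (n > 0 && bad == 0) exit 0; exit 1 }'
}

# The attribute field printed by lsattr must contain the "i" (immutable) flag.
immutable_ok() {
    awk 'NR == 1 && $1 ~ /i/ { ok = 1 }
         END { if (ok) exit 0; exit 1 }'
}

# "netstat -lundt" must show tcp and udp on 127.0.0.1:53 and nothing else on
# port 53 (for example 0.0.0.0:53, which would be reachable from the network).
listener_ok() {
    awk '$4 ~ /:53$/ { if ($4 == "127.0.0.1:53") seen[$1] = 1; else other = 1 }
         END { if (seen["tcp"] && seen["udp"] && !other) exit 0; exit 1 }'
}

# Run check function $1 on stdin and print OK/FAIL with label $2.
say() {
    if "$1"; then echo "OK   $2"; else echo "FAIL $2"; fi
}

if [ "${1:-}" = "--live" ]; then
    # Live system: the same file and commands used in the post.
    say resolv_ok "resolv.conf points only at 127.0.0.1" < /etc/resolv.conf
    lsattr /etc/resolv.conf | say immutable_ok "resolv.conf is immutable"
    netstat -lundt | say listener_ok "proxy listens on 127.0.0.1:53 only"
else
    # Constructed sample: resolv.conf after DHCP re-added the router entry.
    printf 'search linux.net\nnameserver 127.0.0.1\nnameserver 192.168.0.1\n' |
        say resolv_ok "sample resolv.conf with leftover router entry"
fi
```

Run it with --live on the configured machine to check the real files; with no argument it only evaluates the constructed sample, which reports FAIL because the router is still listed as a resolver.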