Encrypt DNS Traffic With DNSCrypt

This tutorial describes how to install and set up DNSCrypt on Debian based systems, like Linux Mint, Ubuntu etc.

DNSCrypt Proxy - is a tool for securing communications between a client and a DNS resolver.

It encrypts DNS requests using the DNSCrypt Protocol and pass them to an upstream server, by default OpenDNS.

Resolving dependencies

Install the packages necessary to compile DNSCrypt.

$ sudo apt-get install build-essential

Download and extract the latest libsodium library :

$ wget http://download.libsodium.org/libsodium/releases/libsodium-0.4.2.tar.gz -O - | tar -xz

Install the library :
$ cd libsodium-0.4.2/
$ ./configure && make
$ sudo make install
$ sudo ldconfig
$ cd ..
$ rm -rf libsodium*

DNSCrypt Proxy Installation

Download and extract the latest DNSCrypt Proxy :

$ wget http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.3.3.tar.gz -O - | tar -xz

Install the DNSCrypt Proxy :
$ cd dnscrypt-proxy-1.3.3/
$ ./configure && make
$ sudo make install
$ cd ..
$ rm -rf dnscrypt-proxy*

Run the following command to start DNSCrypt :
$ sudo /usr/local/sbin/dnscrypt-proxy --daemonize --pidfile=/run/dnscrypt-proxy.pid --edns-payload-size=4096

Reconfigure Network Manager to use DNSCrypt :

  • Open Network Connections from the menu.
  • On the Wired or Wireless tab highlight your active Internet connection.
  • Click "Edit".
  • On the IPv4 Settings tab, set Method to "Automatic (DHCP) addresses only" and set DNS servers to "".
  • Click "Save".
  • Click "Close".

Restart Network Manager :
$ sudo restart network-manager

Final Test

Visit http://www.opendns.com/welcome page to test your connection.

You should be welcomed to OpenDNS.

Run DNSCrypt Proxy at System Startup

Once everything works as expected, it is necessary to include dnscrypt-proxy to our rc.local to run automatically whenever the system boots.

To do this open the /etc/rc.local file :
$ sudo vi /etc/rc.local
Paste the following line before the line where exit 0 appears.
exec /usr/local/sbin/dnscrypt-proxy --daemonize --pidfile=/run/dnscrypt-proxy.pid --edns-payload-size=4096

More info about DNSCrypt