DNScrypt is a protocol that is used to improve DNS security by authenticating communications between a DNS client and a DNS resolver. DNSCrypt prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with. DNSCrypt is available for multiple platforms including Windows, MacOS, Unix, Android, iOS, Linux and even routers.
DNScrypt installation on Ubuntu
sudo add-apt-repository ppa:anton+/dnscrypt sudo apt-get update sudo apt-get install dnscrypt-proxy
After the installation you need to update your network configuration with dns servers as 127.0.0.2
After that you need to start the dnscrypt using the following steps:
# service dnscrypt-proxy start
The installation automatically creates a user “_dnscrypt-proxy” and runs the service as the that user. You can check the status of the service using:
# service dnscrypt-proxy status
Checking The DNS
You can verify if the installation is working or not by visiting the following link. You will get the following screenshot, if DNScrypt is successfully configured.
Free, DNSCrypt-enabled resolvers are available all over the world
A couple of companies, organizations and individuals are operating public recursive DNS servers supporting the DNSCrypt protocol, so that all you need to run is a client. A constantly updated list of open DNSCrypt resolvers can be downloaded to replace the default CSV file shipped with the dnscrypt-proxy client.
Why DNSCrypt is so significant ?
In the same way SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesn’t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers.