DNSCrypt on Ubuntu: Encrypted DNS Traffic

In layman’s terms, DNSCrypt is lightweight software that lets the user communicate online privately, without security concerns. It does so by encrypting all the traffic passing between the user and OpenDNS, which in turn stops malicious intrusions and prevents hackers from eavesdropping.

In other words, it’s a network security protocol that encrypts and verifies the DNS traffic going back and forth between users and websites, servers, and such. It is available for all mainstream operating systems, including all Linux distros.

DNSCrypt Clients

DNSCrypt clients enable communication between DNS resolver servers and users.

There are many DNSCrypt clients to choose from, but our favorite is dnscrypt-proxy. It features a very intuitive GUI that’s very easy to get used to. Plus, its CLI is pretty great as well. On top of that, it is updated regularly and is available for every mainstream operating system, including all the BSDs.

Other clients such as Simple DNSCrypt and DNSCrypt-OSXClient may tickle your fancy, but dnscrypt-proxy is the one that we’d recommend.

Why Do You Need a DNSCrypt Client?

A DNSCrypt client comes with the following benefits:

  • A DNSCrypt client assesses traffic integrity concurrently and reports on it.
  • It improves latency by diverting all the IPv6 data away from IPv4 networks.
  • It manages the queries from a local zone.
  • It sees all the junk and spam you receive.

Installing dnscrypt-proxy on Ubuntu 20.04 or Earlier

To install dnscrypt-proxy on your device with an Ubuntu version lower than 16, just open the terminal and issue these commands:

$ sudo add-apt-repository ppa:anton+/dnscrypt

$ sudo apt-get update

$ sudo apt-get install dnscrypt-proxy

If you use v16.x or 17.x, you can install dnscrypt-proxy from the Ubuntu repository. Type in the following command:

$ sudo apt-get install dnscrypt-proxy

Once installed, it’d be a good idea to add 127.0.0.2 to the DNS servers that you have on your network.

Then use the command below:

$ sudo service dnscrypt-proxy start

The command above creates a user account named “_dnscrypt-proxy” and starts the program under that account. To view how the service is doing, issue the command below:

$ service dnscrypt-proxy status

Check whether everything went as intended by visiting the link:

https://www.opendns.com/welcome

If you see the following page, that means the installation went without a hitch.

If you are more detail-oriented, type:

$ dig txt debug.opendns.com

into the command line terminal.

If the output shows a line such as debug.opendns.com. 0 IN TXT "dnscrypt enabled (71447764594D3377)", or something resembling that line, you can rest assured that the installation has been completed.
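
The dig check above can be scripted so that it also confirms which resolver answered, since a running service does not help if the system still queries another DNS server. The following is an added example, not code from the original article; the function name check_dnscrypt, the sample outputs, the 192.168.1.1 router address and the 127.0.0.53 stub scenario are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original article).
# check_dnscrypt EXPECTED_SERVER   (reads dig output on stdin)
# Returns: 0 = marker present and answered by EXPECTED_SERVER
#          1 = no "dnscrypt enabled" TXT record (lookups are not encrypted)
#          2 = marker present, but a different resolver answered
check_dnscrypt() {
    cd_expected=$1
    cd_out=$(cat)
    # Answer section: the TXT record must carry the "dnscrypt enabled" marker.
    if ! printf '%s\n' "$cd_out" |
        grep -Eq '^debug\.opendns\.com\.[[:space:]].*TXT[[:space:]]+"dnscrypt enabled'; then
        echo "FAIL: no 'dnscrypt enabled' TXT record"
        return 1
    fi
    # Footer: dig names the resolver it asked as ";; SERVER: <addr>#<port>(<addr>)".
    cd_server=$(printf '%s\n' "$cd_out" |
        sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' | head -n 1)
    if [ "$cd_server" != "$cd_expected" ]; then
        echo "WARN: marker present, but answered by ${cd_server:-unknown}, not $cd_expected"
        return 2
    fi
    echo "OK: DNSCrypt enabled via $cd_server"
}

# Constructed samples, trimmed to the lines the check reads.
# 1) Resolver list points at the proxy (record text taken from the article).
SAMPLE_OK='debug.opendns.com. 0 IN TXT "dnscrypt enabled (71447764594D3377)"
;; SERVER: 127.0.0.2#53(127.0.0.2)'
# 2) Proxy may be running, but the system still asks a LAN router directly.
SAMPLE_BYPASS='debug.opendns.com. 0 IN TXT "constructed record without the marker"
;; SERVER: 192.168.1.1#53(192.168.1.1)'
# 3) Assumption: a local stub (127.0.0.53) forwards to the proxy.
SAMPLE_STUB='debug.opendns.com. 0 IN TXT "dnscrypt enabled (71447764594D3377)"
;; SERVER: 127.0.0.53#53(127.0.0.53)'

# Live use: dig txt debug.opendns.com | check_dnscrypt 127.0.0.2
for sample in "$SAMPLE_OK" "$SAMPLE_BYPASS" "$SAMPLE_STUB"; do
    printf '%s\n' "$sample" | check_dnscrypt 127.0.0.2 || true
done
```

A return code of 2 is not necessarily a failure: pass the address you actually expect dig to report as the first argument.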

Wrapping Up

DNSCrypt is exactly what you need if you’re concerned over your online security, especially if you’re worried that someone might be trying to perform hacks such as MitM attacks or eavesdropping.

The keyword here is online security, although DNSCrypt might be a bit excessive for most people who don’t worry about getting hacked. If you just want to protect your browsing data and protect your search history from your ISP, you’re better off just using a VPN.

About the author

Younis Said

I am a freelancing software project developer, a software engineering graduate and a content writer. I love working with Linux and open-source software.