What is dnscrypt-proxy?
- DNSCrypt encrypts and authenticates DNS traffic between the user and the DNS resolver and prevents local spoofing of DNS queries, ensuring that DNS responses are sent by the server of choice. (Wiki)
What is dnsmasq?
- dnsmasq provides services such as DNS cache and DHCP server. As a domain name server (DNS), it can cache DNS queries to improve connection speeds to previously visited sites, and, as a DHCP server, dnsmasq can be used to provide internal IP addresses and routes to computers on a LAN. One or both of these services can be implemented. dnsmasq is considered lightweight and easy to configure; it is designed for use on a personal computer or for use on a network with fewer than 50 computers. It also comes with a PXE server. (Wiki)
What did I use?
- To edit the configuration files I used nano.
- I did everything with my root account, but if you have sudo configured, you can use it without problems.
- The dig command, used to check the cache, is in the bind-tools package in the official repositories: pacman -S bind-tools :)
- As root or using sudo in our terminal or tty we install the dnscrypt-proxy and dnsmasq packages like this:
- The warning message is because I already have them installed, you just have to confirm by pressing Enter:
1 - Let's enable dnscrypt-proxy (remember as root or using sudo):
2 - Now we edit the file /etc/resolv.conf: in nameserver we delete what is there and put 127.0.0.1 (if you want, you can make a backup of the file first). It should look like this:
- Taking into account that NetworkManager writes the resolv.conf file, what we are going to do is protect it against writing with the following command:
3 - Now we look for the server closest to our location, but you can use the one that comes by default, which is dnscrypt.eu-nl. The list is at /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv and can be opened with localc like this:
- If we want to modify the server that resolves the default DNS we can edit like this:
- At the end of the file in the [Service] section we modify what is selected in gray and we place the server that we already selected in the list:
4 - By default dnscrypt-proxy uses port 53, and so does dnsmasq, so we are going to change it, again using:
systemctl edit dnscrypt-proxy.service --full and in the [Socket] section we leave it as follows:
5 - Now we configure dnsmasq: we edit the /etc/dnsmasq.conf file and add these three lines at the end:
server=127.0.0.1#40
listen-address=127.0.0.1
We save the changes and close.
6 - Now we do the following:
- We restart dnscrypt-proxy:
systemctl restart dnscrypt-proxy
- We activate dnsmasq:
systemctl enable dnsmasq
- We execute dnsmasq:
systemctl start dnsmasq
- We restart our internet connection:
systemctl restart NetworkManager
7 - Now we test whether it really works, for example with a ping to google.com.ar:
8 - We check that the DNS cache works with the dig command:
9 - Done! dnscrypt-proxy and dnsmasq are configured and working properly!
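A consistency check for the chain set up in steps 2, 4 and 5 (resolv.conf to dnsmasq on port 53, dnsmasq to dnscrypt-proxy on another port), as an added example that is not part of the original post. It assumes the [Socket] section uses systemd's ListenStream=/ListenDatagram= directives and that dnscrypt-proxy was moved to port 40, as the #40 in the dnsmasq line implies; the function names and sample files are made up here.

```shell
#!/bin/sh
# Added example (not from the original post): offline consistency check.
# All three file paths are arguments, so it can run on copies of the files.

# Print the port from a dnsmasq "server=127.0.0.1#PORT" line (empty if absent).
dnsmasq_upstream_port() {
    sed -n 's/^server=127\.0\.0\.1#\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Print the distinct ports used by ListenStream=/ListenDatagram= in a unit file.
socket_listen_ports() {
    grep -E '^Listen(Stream|Datagram)=' "$1" | sed 's/^[^=]*=//; s/.*://; /^$/d' | sort -u
}

# Return 0 if the chain is consistent; print one line per problem otherwise.
check_dns_chain() {
    resolv=$1 dnsmasq=$2 unit=$3 bad=0
    # 1. Every nameserver entry must be the local dnsmasq instance.
    ns=$(awk '$1 == "nameserver" { print $2 }' "$resolv" | sort -u)
    [ "$ns" = "127.0.0.1" ] || { echo "resolv.conf: nameserver is '$ns', expected only 127.0.0.1"; bad=1; }
    # 2. dnsmasq must listen on loopback and forward to a local port.
    grep -q '^listen-address=127\.0\.0\.1[[:space:]]*$' "$dnsmasq" ||
        { echo "dnsmasq.conf: listen-address=127.0.0.1 missing"; bad=1; }
    port=$(dnsmasq_upstream_port "$dnsmasq")
    [ -n "$port" ] || { echo "dnsmasq.conf: no server=127.0.0.1#PORT line"; bad=1; }
    # 3. Forwarding to port 53 would point dnsmasq at itself.
    [ "$port" != "53" ] || { echo "dnsmasq.conf: upstream port 53 is dnsmasq's own port"; bad=1; }
    # 4. Both listeners must be on exactly the port dnsmasq forwards to.
    lports=$(socket_listen_ports "$unit")
    [ -n "$port" ] && [ "$lports" = "$port" ] ||
        { echo "socket unit: listens on '$lports', dnsmasq forwards to '$port'"; bad=1; }
    return "$bad"
}

# Constructed sample files (not from a real system): step 4 was skipped, so the
# socket is still on port 53 and the check reports the mismatch.
demo() {
    d=$(mktemp -d)
    printf 'nameserver 127.0.0.1\n' > "$d/resolv.conf"
    printf 'server=127.0.0.1#40\nlisten-address=127.0.0.1\n' > "$d/dnsmasq.conf"
    printf '[Socket]\nListenStream=127.0.0.1:53\nListenDatagram=127.0.0.1:53\n' > "$d/unit"
    check_dns_chain "$d/resolv.conf" "$d/dnsmasq.conf" "$d/unit"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo || true
```

On a real system, pass /etc/resolv.conf, /etc/dnsmasq.conf and the path of the unit file that holds the edited [Socket] section.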
Final report: I want to clarify that, after searching in several places, it did not work for me in any way that they showed in the Arch wiki; the Spanish version is poorly translated (it is a question of whether someone translates it well or I do it at some point), so I used the English version. So I basically relied on said wiki, all credit to them. In this case, these are the steps I used and they worked for ME.
If you have any questions or problems, let me know and we will talk about it until it works!
Goal hug! 😀