Install and enable DNSCrypt Proxy 2 in Ubuntu 18.04 or 19.04 / Debian Unstable or Testing [How To]


DNSCrypt Proxy 2 is a flexible DNS proxy that supports encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTPS.
DNSCrypt is a network protocol used to authenticate and encrypt Domain Name System (DNS) communications between user computers and recursive name servers. It converts regular DNS traffic into encrypted DNS traffic, which can prevent spying, spoofing and man-in-the-middle attacks, thus improving users' online security and privacy.
DNSCrypt proxy 2 features include:

  • Encrypted and authenticated DNS traffic, supporting DNS-over-HTTPS (DoH) and DNSCrypt
  • DNS query monitoring with separate log files for routine and suspicious queries
  • Filtering: block ads, malware and other harmful content
  • DNS cache to reduce latency and improve privacy
  • Local IPv6 blocking to reduce latency on pure IPv4 networks
  • Load balancing: choose a set of resolvers, and dnscrypt-proxy will automatically measure and track their speed and balance the traffic between the fastest resolvers
  • Automatic background update of the resolver list
  • DNSSEC compatible

You can view the complete list of DNSCrypt Proxy v2 features by visiting the project page.
Compared with v1, the 2.0 series of DNSCrypt Proxy, which had its first stable release in February, was rewritten in Go. It supports DNS based on TLS and DNS based on HTTP, and supports DNS caching. It also has a new configuration file format that is incompatible with the old v1 format.
DNSCrypt Proxy v2 is available in the Debian Testing and Unstable repositories and in the Ubuntu 18.10 and 19.04 repositories. There is also a PPA for Ubuntu 18.04 and Linux Mint 19. The PPA has packages for earlier versions of Ubuntu / Linux Mint, but I cannot make them work properly, so this article only provides instructions for Ubuntu 18.04, Ubuntu 18.10, Ubuntu 19.04, Linux Mint 19.x, Debian Unstable and Debian Testing.
Incidentally, for Windows users, there is a simple DNSCrypt Proxy management tool called Simple DNSCrypt.

How to install and enable DNSCrypt Proxy 2 in Ubuntu 19.04 / 18.10 or Debian Unstable / Testing

Ubuntu 18.10 is the first Ubuntu version to have the new DNSCrypt Proxy 2 in its archive. The package is imported from Debian, so it can also be used in Debian Unstable and Testing. If you installed an older version of dnscrypt-proxy (< 2.0), purge it before reinstalling so that the new configuration gets installed:

sudo apt purge dnscrypt-proxy

To install dnscrypt-proxy in Ubuntu 19.04 or 18.10 or Debian Unstable / Testing, use the following command:

sudo apt install dnscrypt-proxy

To use DNSCrypt Proxy 2, change the DNS server to 127.0.2.1 in your network configuration. How to change this setting depends on the desktop environment you are using.
For example, in Ubuntu 18.10 with the Gnome desktop (wired network), go to System Settings > Network, click the gear icon next to the network you are connected to, then on the IPv4 tab disable the Automatic toggle next to DNS and enter 127.0.2.1 as the DNS server, as shown in the following screenshot:
Change DNS Ubuntu 18.10 network

You also need to use the slider (next to (1) in the screenshot) to disable and re-enable the network, or restart it from the command line:

sudo systemctl restart NetworkManager

For WiFi, go to System Settings > WiFi instead. Remember to restart the WiFi network to use the new DNS. In Debian Unstable / Testing with Xfce, right-click the network applet in the panel and select Edit Connections. Next, select your active connection and click the gear icon at the bottom to edit it. On the IPv4 Settings tab, select Automatic (DHCP) addresses only from the Method drop-down menu and enter 127.0.2.1 in the “DNS Server” field, then click Save:
Change DNS Debian Xfce

Next, right-click the network applet in the panel again and click Enable Networking once to disable it, then click it again to re-enable the network. You can also restart it using the following command:

sudo systemctl restart NetworkManager

How to install and enable DNSCrypt Proxy 2 in Ubuntu 18.04 or Linux Mint 19.x

DNSCrypt Proxy v2 has not entered the Ubuntu 18.04 archive, but it has an official PPA that you can use to install it and receive future updates. The PPA is compatible with Ubuntu 18.04, Ubuntu 16.04, Linux Mint 19.x and Linux Mint 18.x, but I did not have much success getting DNSCrypt Proxy 2 from this PPA to work in Ubuntu 16.04 or Linux Mint 18. The following instructions only apply to Ubuntu 18.04 and Linux Mint 19.x. Before adding the PPA and installing DNSCrypt Proxy v2, make sure to purge dnscrypt-proxy using the following command (if it has been installed on the system before):

sudo apt purge dnscrypt-proxy

Now you can add the PPA and install DNSCrypt Proxy v2 in Ubuntu 18.04 or Linux Mint 19:

sudo add-apt-repository ppa:shevchuk/dnscrypt-proxy
sudo apt update
sudo apt install dnscrypt-proxy

Now you need to change the DNS server to 127.0.2.1 in your network settings. How to change this setting depends on the desktop environment you are using. In Ubuntu 18.04 (Gnome), it is similar to Ubuntu 19.04 / 18.10 (and looks exactly like the Ubuntu 19.04 / 18.10 screenshot above): go to System Settings > Network, click the gear icon next to the network you are connected to, and on the “IPv4” tab disable the Automatic toggle next to DNS, then enter 127.0.2.1 as the DNS server. Restart the network by disabling and re-enabling the slider next to the connected network, or restart it using the following command:

sudo systemctl restart NetworkManager

For WiFi networks, go to System Settings > WiFi instead. Remember to restart the WiFi network to use the new DNS. For example, in Linux Mint 19 Cinnamon, left-click the network applet in the bottom panel and select Edit Connections. Next, select your active connection and click the gear icon at the bottom to edit it. On the IPv4 Settings tab, select Automatic (DHCP) addresses only from the Method drop-down menu and enter 127.0.2.1 in the “DNS Server” field, then click Save:
Change DNS Linux Mint 19 Cinnamon

Next, right-click the network applet in the bottom panel again and click Enable Networking once to disable it, then click it again to re-enable the network. You can also restart it using the following command:

sudo systemctl restart NetworkManager

How to check if you are using DNSCrypt proxy

There are multiple ways to check whether you are using DNSCrypt Proxy and which DNS is currently in use. Use the first method below to see whether DNSCrypt Proxy really works on your system. The other two show the DNS being used on your computer (they can also be used to check whether you are using DNSCrypt Proxy, but the first one is the most reliable).
I. The best way to check whether you are using DNSCrypt Proxy is to stop the service. With the service stopped, DNS resolution should no longer work, which confirms that DNSCrypt Proxy is actually in use while the service is running.
Use the following commands to stop the DNSCrypt Proxy service / socket:

sudo systemctl stop dnscrypt-proxy.socket
sudo systemctl stop dnscrypt-proxy

Now try to ping a domain, such as google.com:

ping google.com

The domain should not resolve, and an error should be shown, as below:

$ ping google.com
ping: google.com Name or service not known

Now that you have confirmed that DNSCrypt Proxy is in use, start its service / socket again using the following commands:

sudo systemctl start dnscrypt-proxy
sudo systemctl start dnscrypt-proxy.socket

II. To check the actual IP of the DNS currently in use (for example, if you are using Google's 8.8.8.8 and 8.8.4.4 DNS, the actual IP is neither of them), look at the output of this command:

dnscrypt-proxy -resolve google.com

For example, when using the de.dnsmaschine.net DNS server hosted by vultr.com, this is the output (see the last line, called Resolver IP):

$ dnscrypt-proxy -resolve google.com
Resolving [google.com]

Domain exists:  yes, 4 name servers found
Canonical name: google.com.
IP addresses:   74.125.24.113, 74.125.24.139, 74.125.24.100, 74.125.24.138, 74.125.24.101, 74.125.24.102, 2404:6800:4003:c03::71
TXT records:    facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95 v=spf1 include:_spf.google.com ~all docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e
Resolver IP:    209.250.235.170 (209.250.235.170.vultr.com.)

III. You can use a DNS leak test website to find the current DNS resolver. There are many such websites available, such as Perfect Privacy, DNS leak test, the ExpressVPN DNS leak test, ipleak.net and many more.
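
A non-disruptive complement to check I, as an added example that is not part of the original article: the function below lists any configured nameserver other than 127.0.2.1, which is what remains when automatic DNS was not disabled and which can receive queries in plaintext. The function names and the sample file are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: dnscrypt-proxy listens on 127.0.2.1 (Debian/Ubuntu default).
PROXY_ADDR="127.0.2.1"

# Print every nameserver in a resolv.conf-style file that is NOT the proxy.
# Return 0 only if at least one nameserver is listed and all are the proxy.
find_bypass_resolvers() {
    fbr_seen=0
    fbr_bad=0
    while read -r fbr_key fbr_addr fbr_rest || [ -n "$fbr_key" ]; do
        [ "$fbr_key" = "nameserver" ] || continue
        fbr_seen=1
        if [ "$fbr_addr" != "$PROXY_ADDR" ]; then
            echo "$fbr_addr"
            fbr_bad=1
        fi
    done < "$1"
    [ "$fbr_seen" -eq 1 ] && [ "$fbr_bad" -eq 0 ]
}

# With systemd-resolved, /etc/resolv.conf only shows the 127.0.0.53 stub;
# the real upstream servers are listed in /run/systemd/resolve/resolv.conf.
resolv_source() {
    if [ -r /run/systemd/resolve/resolv.conf ]; then
        echo /run/systemd/resolve/resolv.conf
    else
        echo /etc/resolv.conf
    fi
}

# Constructed sample: the proxy plus a DHCP-supplied resolver left in place
# because automatic DNS was not disabled (192.0.2.53 is a documentation IP).
sample=$(mktemp)
printf 'nameserver 127.0.2.1\nnameserver 192.0.2.53\n' > "$sample"
if leaks=$(find_bypass_resolvers "$sample"); then
    echo "OK: every configured resolver is $PROXY_ADDR"
else
    echo "WARNING: resolvers that bypass dnscrypt-proxy: $leaks"
fi
rm -f "$sample"
# On a live system: find_bypass_resolvers "$(resolv_source)"
```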

(Optional) How to change DNSCrypt proxy 2 DNS server

With its default configuration, DNSCrypt Proxy 2 automatically selects the fastest server from the list of public servers that match the filters set in the DNSCrypt Proxy 2 configuration file.
This is the case with the packages in the DNSCrypt Proxy 2 PPA, but not with the packages available in the Ubuntu 19.04 and 18.10 repositories. In Ubuntu 19.04 / 18.10, DNSCrypt Proxy 2 defaults to CloudFlare DNS.
If you want to change the DNSCrypt Proxy 2 server, you need to edit the /etc/dnscrypt-proxy/dnscrypt-proxy.toml configuration file as root. To open this file as root using Gedit (the default Gnome text editor), you can use the following command:

gedit admin:///etc/dnscrypt-proxy/dnscrypt-proxy.toml

Replace gedit with the graphical text editor of your choice (e.g. xed, which is the default text editor in Linux Mint Cinnamon).
Or, if you want to use the Nano command line editor, use:

sudo nano /etc/dnscrypt-proxy/dnscrypt-proxy.toml

Next, uncomment the server_names line in this file (it should be near the top, and it is commented out in the PPA packages; uncommenting the line means deleting the # sign from the beginning of the line, if it is there).
Copy the name of the server you want to use (from the Name column) from this page and add it to server_names in /etc/dnscrypt-proxy/dnscrypt-proxy.toml. For example, if you only want to add one server, the server_names value should look like this:

server_names = ['server']

If you want to add multiple DNS servers, it should look like this:

server_names = ['server1', 'server2', 'server3']

After making changes to the DNSCrypt Proxy 2 configuration file, you need to restart its systemd service, otherwise the changes will not be applied until you restart. You can restart DNSCrypt proxy 2 using the following command:

sudo systemctl restart dnscrypt-proxy

All DNSCrypt Proxy 2 options can be edited in the /etc/dnscrypt-proxy/dnscrypt-proxy.toml configuration file.
If you are using the PPA package, all DNSCrypt Proxy 2 configuration options are already in the /etc/dnscrypt-proxy/dnscrypt-proxy.toml file.
For Ubuntu 19.04 / 18.10 and Debian Testing and Unstable, the DNSCrypt Proxy 2 package provided in the repository comes with a simplified configuration file, which lists only a few options. You can find the original dnscrypt-proxy.toml on GitHub, though. Copy the options you want to use (and uncomment them) into /etc/dnscrypt-proxy/dnscrypt-proxy.toml.
Don't change the listen_addresses value (leave it empty), because doing so may cause DNSCrypt Proxy 2 to stop working. If you must change the DNSCrypt Proxy 2 listening address (the default is 127.0.2.1 in Debian and Ubuntu), do it by editing the dnscrypt-proxy.socket file.
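
A quick check of an edited configuration before restarting the service, as an added example that is not part of the original article or the dnscrypt-proxy project: it reports which resolvers an uncommented server_names line pins and whether listen_addresses was left empty. The function names are assumptions, and the sample file is constructed with the placeholder server names used above.

```shell
#!/bin/sh
# Added example, not from the original article or the dnscrypt-proxy project.

# Print the resolver names pinned by an active (uncommented) server_names
# line, one per line; prints nothing when the proxy picks servers itself.
pinned_servers() {
    sed -n 's/^[[:space:]]*server_names[[:space:]]*=[[:space:]]*\[\(.*\)].*/\1/p' "$1" |
        tr ',' '\n' | tr -d "'\" " | sed '/^$/d'
}

# Return 0 when listen_addresses is absent or an empty list, which is what
# the socket-activated Debian/Ubuntu packages described here expect.
listen_addresses_ok() {
    la_val=$(sed -n 's/^[[:space:]]*listen_addresses[[:space:]]*=[[:space:]]*//p' "$1" |
             tail -n 1 | tr -d '[:space:]')
    case "$la_val" in
        ''|'[]'|'[]#'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample configuration with a non-empty listen_addresses value.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
# constructed sample; server1/server2 are placeholders, not real resolvers
server_names = ['server1', 'server2']
listen_addresses = ['127.0.0.1:53']
EOF
echo "Pinned resolvers: $(pinned_servers "$cfg" | tr '\n' ' ')"
if ! listen_addresses_ok "$cfg"; then
    echo "listen_addresses is set: empty it and edit dnscrypt-proxy.socket instead"
fi
rm -f "$cfg"
# On a live system: pinned_servers /etc/dnscrypt-proxy/dnscrypt-proxy.toml
```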
