Ade Malsasa Akbar
Senior author, Open Source enthusiast.
Monday, June 29, 2015 at 16:29

Many tutorials on the internet talk about DNSCrypt, but none of them covers Ubuntu 15.04. As you know, Ubuntu 15.04 brings a big change: systemd replaced upstart as the init system. So installing DNSCrypt on 15.04 is different from installing it on 12.04, and I try to cover it in this article. In short, DNSCrypt encrypts our DNS requests, so our connection is protected from DNS hijacking and similar attacks. We will install DNSCrypt via a PPA from Pascal Mons, because some days ago he uploaded the Vivid packages for DNSCrypt. Thanks to Pascal Mons.



Summary

 

  1. Install DNSCrypt (from PPA).
  2. Start DNSCrypt process.
  3. Set 127.0.0.2 DNS.
  4. Restart systemd NetworkManager service.
  5. Check Your DNS.
  6. Create A systemd Service.

1. Install DNSCrypt 



Use these commands to add the new repository and install the dnscrypt-proxy package on your Ubuntu 15.04.
sudo add-apt-repository ppa:anton+/dnscrypt
sudo apt-get update
sudo apt-get install dnscrypt-proxy
Its PPA address is https://launchpad.net/~anton+/+archive/ubuntu/dnscrypt.

2. Start DNSCrypt 



sudo dnscrypt-proxy -R opendns -a 127.0.0.2:53 -u dnscrypt
Explanation - This command starts the dnscrypt-proxy program with the OpenDNS DNS service (yes, you may select another DNS), makes it listen on the 127.0.0.2 address at port 53, and runs it as the dnscrypt user (this user is created when you install the package from the PPA). It will not start DNSCrypt automatically at boot.

3. Set Your DNS To 127.0.0.2




First Option - Use your Network Manager GUI and change your DHCP settings. Make sure it uses 127.0.0.2 as the DNS server.

Second Option - Edit your /etc/resolv.conf file so it has the line nameserver 127.0.0.2.

Third Option - There are more ways to change the system DNS. You may use your own way.

Explanation - You have started dnscrypt on the 127.0.0.2 address, so you must "force" your system to use 127.0.0.2 as its DNS server to connect to the internet.

4. Restart The systemd Network Manager Service



sudo systemctl restart NetworkManager.service
Explanation - This is the systemd command to restart the Network Manager service. The unit name is case-sensitive, so type every character in the correct case.

5. Check Your DNS



First Option - Visit http://opendns.org/welcome. If you have changed your DNS correctly to OpenDNS (because of DNSCrypt), the page will tell you that you are using OpenDNS. If not, the page will say you are not using OpenDNS. It is the easiest way.

Second Option - Visit http://internetbadguys.com. If you are using OpenDNS, that page will show you the OpenDNS warning for a phishing site. If you are not, you will see a text saying internetbadguys is only a demo site.

Third Option - Use the command sudo tcpdump -i wlan0 and watch the output. If you see output like resolver2.opendns.com.https (traffic to the resolver on port 443 rather than plain DNS on port 53), then your OpenDNS (via DNSCrypt) works. Replace wlan0 with your current network interface. Again, you may use a DNS service other than OpenDNS.
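A check for step 3, added here as an example and not part of the original article: the function reads a resolv.conf-style file and reports every nameserver other than the dnscrypt-proxy listener, because the system resolver falls back to the next listed nameserver when the first one does not answer, and those queries bypass DNSCrypt. The function name check_resolv and the sample file contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article).
# check_resolv FILE [EXPECTED]
#   Prints each nameserver in FILE that is not EXPECTED (default 127.0.0.2).
#   Returns 0 = only EXPECTED is listed
#           1 = at least one other resolver is listed (queries can leak)
#           2 = FILE is unreadable or has no nameserver lines
check_resolv() {
    file=$1
    expected=${2:-127.0.0.2}
    [ -r "$file" ] || return 2
    # Drop comments (# or ;), then keep the address of each nameserver line.
    servers=$(sed -e 's/[#;].*//' "$file" |
              awk '$1 == "nameserver" && NF >= 2 { print $2 }')
    [ -n "$servers" ] || return 2
    status=0
    for s in $servers; do
        if [ "$s" != "$expected" ]; then
            echo "resolver bypassing dnscrypt-proxy: $s"
            status=1
        fi
    done
    return $status
}

# Constructed sample: DHCP has re-added the router's resolver after 127.0.0.2.
sample=$(mktemp)
printf '%s\n' '# Generated by NetworkManager' \
              'nameserver 127.0.0.2' \
              'nameserver 192.168.1.1' > "$sample"
check_resolv "$sample" || echo "exit status $? (1 = other resolvers present)"
rm -f "$sample"
```

On the real system, call it as check_resolv /etc/resolv.conf after step 4, and again after reconnecting to a network, since DHCP can rewrite the file.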



6. Create A systemd Service for DNSCrypt



First - Create a file named dnscrypt.service (this name is what you will pass to systemctl) in /etc/systemd/system. To do it, use Gedit with the command sudo gedit /etc/systemd/system/dnscrypt.service. You may use vi or nano too.

Second - Fill that file with these lines. This is the dnscrypt configuration for Ubuntu systemd.

[Unit]
Description=DNS Encryption Tool from OpenDNS
After=NetworkManager.service

[Service]
ExecStart=/usr/sbin/dnscrypt-proxy -R opendns -a 127.0.0.2:53 -u dnscrypt 
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=basic.target
 
 
 
Third - After editing a systemd service file, you should reload systemd. The command is sudo systemctl daemon-reload.

Fourth - Test it. If it is correct, you must be able to start it now with the command sudo systemctl start dnscrypt.service (when no other dnscrypt is running). Look for the running process with the ps aux | grep dns command.

sudo systemctl start dnscrypt.service
ps aux | grep dns



Fifth - If you configured it correctly, dnscrypt will always run when you start your Ubuntu. There is no need to type any command every time you want to connect.
