Ade Malsasa Akbar
Senior author, Open Source enthusiast.
Monday, November 27, 2017 at 12:33


Installing dnscrypt-proxy v1.9.5 on Ubuntu 17.10 is no longer as easy as it used to be. You don't get working settings out of the box; you must do a little manual configuration. This is difficult for newcomers without a step-by-step guide. Don't worry! This article explains 6 steps for beginners to install and configure dnscrypt-proxy, with pictures. You also get a shell script at the end of this tutorial so you can repeat the steps quickly later. Enjoy!



What You Will Do


REMEMBER: follow this tutorial at your own risk.
You will replace Ubuntu's original DNS resolver service (systemd-resolved.service) with DNSCrypt and change the IP address of your DNSCrypt to 127.0.0.1 (that is, your own computer, localhost). To do that you need to:
  • change the systemd .socket file,
  • reload the daemon configuration,
  • change the DNSCrypt resolver to 'cisco',
  • restart the DNSCrypt service,
  • and disable the system's default DNS resolver.
Why 127.0.0.1? Because (in the simplest sense) all applications will ask the DNS resolver at 127.0.0.1.

The final result is that DNSCrypt Proxy runs as the default DNS resolver on your Ubuntu system (e.g. it starts at every boot).

1. Install DNSCrypt


The first step is, of course, installing the program:
$ sudo apt-get install dnscrypt-proxy



2. Change Resolver to 'cisco'


The second step is changing the default DNS resolver to 'cisco'. This is so the test later in this tutorial correctly shows the message "dnscrypt enabled".
$ sudo nano /etc/dnscrypt-proxy/dnscrypt-proxy.conf
Change the text 'ResolverName fvz-anyone' to 'ResolverName cisco'.
Save by pressing Ctrl+O, then Enter.



3. Change DNSCrypt Local IP


The third step is changing 127.0.2.1 to 127.0.0.1 in dnscrypt-proxy.socket. The first grep shows the current address and the last one confirms the change:
$ grep '127' /lib/systemd/system/dnscrypt-proxy.socket
$ sudo sed -i 's/127\.0\.2\.1/127.0.0.1/g' /lib/systemd/system/dnscrypt-proxy.socket
$ grep '127' /lib/systemd/system/dnscrypt-proxy.socket


4. Reload Daemon for DNSCrypt Configuration


This step is simple but crucial, because systemd does not pick up the edited .socket file until its configuration is reloaded:
$ sudo systemctl daemon-reload


5. Restart DNSCrypt Service


The fifth step is restarting the dnscrypt-proxy service after changing the configuration:
$ sudo systemctl stop dnscrypt-proxy.socket
$ sudo systemctl start dnscrypt-proxy


6. Disable the System's Default DNS Service


Edited 28 November 2017: adding rm resolv.conf

The sixth step is permanently turning off the default systemd-resolved DNS service so your system uses only dnscrypt-proxy:
$ sudo systemctl disable systemd-resolved.service
$ sudo systemctl stop systemd-resolved.service
$ sudo rm -v /etc/resolv.conf


Test Whether DNSCrypt Is Working


The sixth step above is the final configuration step. Now you should test (online) that dnscrypt-proxy is working properly on your Ubuntu system. Basically, you just need the 'dig' command below, but I added more commands to make the test clearer.

$ dig debug.opendns.com txt
That command should say "dnscrypt enabled".



$ nslookup -type=txt debug.opendns.com
That command should say the same thing as the dig command.



$ sudo lsof -i -n
That command should show that dnscrypt-proxy is running and listening at 127.0.0.1:53.
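
The online tests above only pass once all three files are in the intended state, so here is an offline check of those files (an added example, not the author's quick script or part of the original article). The function names are hypothetical, the sample files are constructed, and the ListenStream/ListenDatagram lines are an assumption about what the .socket file contains, since the article only greps it for '127'.

```shell
#!/bin/bash
# Added example: offline checks for the three files this tutorial touches.

# Distinct listen addresses (ip:port) in a systemd .socket unit.
socket_listen_addrs() {
    sed -nE 's/^[[:space:]]*Listen(Stream|Datagram)[[:space:]]*=[[:space:]]*([^[:space:]]+).*/\2/p' "$1" | sort -u
}

# ResolverName value in dnscrypt-proxy.conf; commented-out lines are ignored.
conf_resolver() { awk '$1 == "ResolverName" { print $2; exit }' "$1"; }

# Nameservers in resolv.conf; a missing file yields nothing.
resolv_nameservers() {
    [ -f "$1" ] || return 0
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Usage: check_dnscrypt_setup SOCKET_UNIT PROXY_CONF RESOLV_CONF
# Prints one line per finding; returns 0 only if nothing is wrong.
check_dnscrypt_setup() {
    local bad=0 addrs addr name ns
    addrs=$(socket_listen_addrs "$1")
    [ -n "$addrs" ] || { echo "FAIL no Listen lines in $1"; bad=1; }
    for addr in $addrs; do
        [ "$addr" = "127.0.0.1:53" ] || { echo "FAIL socket on $addr, expected 127.0.0.1:53"; bad=1; }
    done
    name=$(conf_resolver "$2")
    [ "$name" = "cisco" ] || { echo "FAIL ResolverName is '$name', expected cisco"; bad=1; }
    # glibc falls back to 127.0.0.1 when resolv.conf is absent, so only a
    # listed nameserver other than 127.0.0.1 sends queries around the proxy.
    for ns in $(resolv_nameservers "$3"); do
        [ "$ns" = "127.0.0.1" ] || { echo "FAIL resolv.conf nameserver $ns bypasses dnscrypt-proxy"; bad=1; }
    done
    [ "$bad" -ne 0 ] || echo "OK"
    return "$bad"
}

# Constructed sample files in the "before" state the tutorial describes.
demo=$(mktemp -d); s=$demo/dnscrypt-proxy.socket c=$demo/dnscrypt-proxy.conf r=$demo/resolv.conf
printf '[Socket]\nListenStream=127.0.2.1:53\nListenDatagram=127.0.2.1:53\n' > "$s"
printf '# ResolverName cisco\nResolverName fvz-anyone\n' > "$c"
printf 'nameserver 127.0.0.53\n' > "$r"
check_dnscrypt_setup "$s" "$c" "$r" || true
# Apply the tutorial's edits to the copies, then check again.
sed -i 's/127\.0\.2\.1/127.0.0.1/g' "$s"
sed -i 's/^ResolverName fvz-anyone/ResolverName cisco/' "$c"
rm "$r"
check_dnscrypt_setup "$s" "$c" "$r"
rm -rf "$demo"
```

On a real system, call check_dnscrypt_setup with /lib/systemd/system/dnscrypt-proxy.socket, /etc/dnscrypt-proxy/dnscrypt-proxy.conf and /etc/resolv.conf. Running it again after a reboot shows whether another service has recreated /etc/resolv.conf with a different nameserver.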




Quick Script


Edited 28 November 2017: adding rm resolv.conf

To automate all the steps plus testing, use this short script. You may find it useful if you install dnscrypt-proxy repeatedly (e.g. if you often run an Ubuntu LiveCD like me). This script is hosted at gist.github.com so you need JavaScript to view it.


