DNSCrypt is a protocol that encrypts and authenticates the communication between a DNS client and a DNS resolver. It can prevent DNS spoofing and man-in-the-middle attacks. DNSCrypt is available for most operating systems, including Linux, Windows, Mac OS X, Android and iOS. In this tutorial I'm using Arch Linux with kernel 4.1.
Unbound is a caching DNS server that resolves the DNS queries it receives. When the user makes a new query, Unbound stores the answer in its cache, and when the user makes the same query again, Unbound answers from the cache. This makes repeated queries faster than the first one.
I will now install DNSCrypt to secure DNS communication, with Unbound for acceleration.
Step One - Install yaourt
Yaourt is one of the AUR (Arch User Repository) helper tools that let users easily install programs from the AUR. Yaourt uses the same syntax as pacman, so you can install programs with it in the same way. Here is the simplest way to install yaourt:
1. Open the Arch repository configuration file, stored at "/etc/pacman.conf", with the nano or vi editor.
$ nano /etc/pacman.conf
2. At the bottom of the file, add the yaourt repository by pasting the following lines. Note that "SigLevel = Never" disables package signature verification for this repository, and the server URL is plain HTTP:
[archlinuxfr]
SigLevel = Never
Server = http://repo.archlinux.fr/$arch
3. Press "Ctrl + x", followed by "Y", to save.
4. Then update the repository database and use pacman to install yaourt:
$ sudo pacman -Sy yaourt
Step Two - Install DNSCrypt and Unbound
DNSCrypt and Unbound are in the Arch Linux repository, so you can install them with the following pacman command:
$ sudo pacman -S dnscrypt-proxy unbound
Then press "Y" during the installation process.
Step Three - Install dnscrypt-autoinstall
dnscrypt-autoinstall is a script that automatically installs and configures DNSCrypt on Linux-based systems. It is in the AUR, so you must install it using the "yaourt" command.
$ yaourt -S dnscrypt-autoinstall
Note:
-S = works like pacman -S and installs the package.
Step Four - Run dnscrypt-autoinstall
Run "dnscrypt-autoinstall" with root privileges to configure DNSCrypt automatically.
$ sudo dnscrypt-autoinstall
Next press "Enter", then enter "Y" and choose the DNS provider you want to use. Here I used DNSCrypt.eu, which keeps no logs and supports DNSSEC.
Step Five - Configure DNSCrypt and Unbound
1. Open the DNSCrypt configuration file "/etc/conf.d/dnscrypt-config" and confirm that "DNSCRYPT_LOCALIP" points to the local IP. Set "DNSCRYPT_LOCALPORT" to whatever port you prefer; I am using port 40.
$ nano /etc/conf.d/dnscrypt-config
DNSCRYPT_LOCALIP=127.0.0.1
DNSCRYPT_LOCALIP2=127.0.0.2
DNSCRYPT_LOCALPORT=40
Save and exit.
2. Now use the nano editor to edit the Unbound configuration file under "/etc/unbound/":
$ nano /etc/unbound/unbound.conf
3. At the end of the file, add the following lines:
do-not-query-localhost: no
forward-zone:
    name: "."
    forward-addr: 127.0.0.1@40
Make sure the port in forward-addr matches "DNSCRYPT_LOCALPORT" in the DNSCrypt configuration. As you can see, both use port 40.
Then save and exit.
Step Six - Run DNSCrypt and Unbound, then add them to boot
Start DNSCrypt and Unbound with root privileges using systemctl:
$ sudo systemctl start dnscrypt-proxy unbound
To start the services at boot, run "systemctl enable":
$ sudo systemctl enable dnscrypt-proxy unbound
The command creates symbolic links to the service files in the "/usr/lib/systemd/system/" directory.
Step Seven - Configure resolv.conf and restart all services
The resolv.conf file is used to configure the DNS resolver on Linux. It is a plain-text file created by the administrator, so you must edit it with root privileges and then make it unmodifiable by others.
Open it with the nano editor:
$ nano /etc/resolv.conf
Add the local IP "127.0.0.1". Now use the "chattr" command to make the file read-only:
$ chattr +i /etc/resolv.conf
Note:
If you want to edit the file again, use "chattr -i /etc/resolv.conf" to make it writable.
Now you need to restart DNSCrypt, Unbound and the network:
$ sudo systemctl restart dnscrypt-proxy unbound netctl
If you see an error, check the configuration file.
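A restart error or a lookup that bypasses the proxy usually comes from a mismatch between the three files edited above. The following shell check is an added example, not part of the original tutorial or of dnscrypt-autoinstall; the function names (conf_get, root_forwarders, check_dns_chain) and the sample files are constructed for illustration, and it assumes the KEY=value form of dnscrypt-config shown in Step Five.

```sh
#!/bin/sh
# Added example: cross-check the files edited in Steps Five and Seven.

conf_get() {  # conf_get KEY FILE: last value assigned to KEY in a KEY=value file
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 | tr -d "\"' "
}

root_forwarders() {  # print the forward-addr values of the forward-zone named "."
    awk '{ sub(/#.*/, "") }
         /^[ \t]*[a-z-]+:[ \t]*$/ { clause = $1; root = 0; next }
         clause == "forward-zone:" && $1 == "name:" { root = ($2 == "\".\"" || $2 == ".") }
         clause == "forward-zone:" && $1 == "forward-addr:" && root { print $2 }' "$1"
}

# check_dns_chain DNSCRYPT_CONF UNBOUND_CONF RESOLV_CONF
# Prints one line per problem and returns the number of problems found.
check_dns_chain() {
    problems=0
    want="$(conf_get DNSCRYPT_LOCALIP "$1")@$(conf_get DNSCRYPT_LOCALPORT "$1")"
    if ! root_forwarders "$2" | grep -qxF "$want"; then
        echo "unbound: no forward-addr $want for zone \".\""; problems=$((problems + 1))
    fi
    if ! grep -Eq '^[[:space:]]*do-not-query-localhost:[[:space:]]*no' "$2"; then
        echo "unbound: do-not-query-localhost is not 'no'"; problems=$((problems + 1))
    fi
    # Any nameserver other than 127.0.0.1 sends queries around Unbound and DNSCrypt.
    others=$(awk '$1 == "nameserver" && $2 != "127.0.0.1" { print $2 }' "$3")
    if [ -n "$others" ] || ! grep -Eq '^nameserver[[:space:]]+127\.0\.0\.1' "$3"; then
        echo "resolv.conf: must list only nameserver 127.0.0.1 (found: ${others:-none})"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample files mirroring the tutorial's values (port 40).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'DNSCRYPT_LOCALIP=127.0.0.1\nDNSCRYPT_LOCALIP2=127.0.0.2\nDNSCRYPT_LOCALPORT=40\n' > "$demo/dnscrypt-config"
printf 'server:\n  do-not-query-localhost: no\nforward-zone:\n  name: "."\n  forward-addr: 127.0.0.1@40\n' > "$demo/unbound.conf"
printf 'nameserver 127.0.0.1\n' > "$demo/resolv.conf"
check_dns_chain "$demo/dnscrypt-config" "$demo/unbound.conf" "$demo/resolv.conf" && echo "consistent"
```

On a real system, pass /etc/conf.d/dnscrypt-config, /etc/unbound/unbound.conf and /etc/resolv.conf as the three arguments.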
Test
1. Test DNSCrypt
You can confirm that DNSCrypt is working at https://dnsleaktest.com/. Click "Standard Test" or "Extended Test" and wait for the test to finish.
Now you can see that DNSCrypt is working with DNSCrypt.eu as the DNS provider.
2. Test Unbound
Now you can check that Unbound is working correctly with the "dig" and "drill" commands.
Here are the results of the dig command:
$ dig linoxide.com
Looking at the results, the "Query time" is "533 msec":
;; Query time: 533 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 30 14:48:19 WIB 2015
;; MSG SIZE rcvd: 188
Run the command again, and the "Query time" is "0 msec":
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 30 14:51:05 WIB 2015
;; MSG SIZE rcvd: 188
DNSCrypt does a good job of encrypting the communication between the DNS client and the resolver, and Unbound's caching makes a repeated request faster than the first one.
To sum up
DNSCrypt is a protocol that encrypts the data stream between a DNS client and a DNS resolver. DNSCrypt can run on different operating systems, whether desktop or mobile. Choosing the DNS provider also matters: you should select one that provides DNSSEC and keeps no logs. Unbound can be used as a DNS cache, which speeds up resolution: Unbound caches each request, and when a client next makes the same query, Unbound answers with the value stored in the cache. DNSCrypt and Unbound are a powerful combination for security and speed.