Home IT Linux Windows Database Network Programming Server Mobile  
           
  Home \ Server \ How to install Unbound and DNSCrypt in Archlinux     - grep regular expression (Linux)

- Oracle background processes daemons (Database)

- Erase do with HTML5 Canvas and diffusion effect (Programming)

- Git commands (Linux)

- How to use the Vault secure password storage and API key (Linux)

- In addition to wget and curl, what better alternatives (Linux)

- CentOS 7 version how to achieve the power to start the graphical interface (Linux)

- CentOS How quickly customize kernel binary RPM package (Linux)

- Security Knowledge: How to hide a backdoor PHP file tips (Linux)

- Detailed PHP code optimization [section] (explain reasons) (Programming)

- How Glances monitoring system on Ubuntu (Linux)

- Linux performance optimization tools perf top (Linux)

- Thinking in Java study notes - Access modifiers (Programming)

- TNS-03505 name could not be resolved (Database)

- CentOS 6.4 installation environment to build Scrapy 0.22 (Linux)

- Usage sed some of the parameters (Linux)

- How to Upgrade Ubuntu GNOME 14.10 to GNOME 3.16 Desktop (Linux)

- How to install Bugzilla 4.4 on Ubuntu / CentOS 6.x (Linux)

- Easy to get hidden administrator account (Linux)

- Integrated security administrator Linux accident management (Linux)

 
         
  How to install Unbound and DNSCrypt in Archlinux
     
  Add Date : 2018-11-21      
         
       
         
  DNSCrypt is used for communication between the DNS client and DNS resolver for encryption and authentication protocols. It can prevent DNS spoofing or middle attacks. DNSCrypt available for most operating systems, including Linux, Windows, MacOSX, Android and iOS. In this tutorial I'm using kernel 4.1 archlinux.

Unbound DNS cache server is used to resolve any DNS queries received. If the user requests a new query, unbound will be stored in the cache, and when the user requests the same request again, unbound will use the saved cache. This would be the first request queries faster.

I will now try to install "DNSCrypt", to ensure the security of the DNS communication with "Unbound" acceleration.

Step One - Install yaourt

Yaourt is one of the AUR (ARCH user warehouse) auxiliary tool that allows users to easily install the program from AUR. Yaourt and pacman uses the same syntax, you can use yaourt to install the program. Here is the simplest way to install yaourt:

1, with the nano or vi editor arch warehouse configuration files, stored in the "/etc/pacman.conf" in.

$ Nano / etc / pacman.conf
2, in the bottom of the Add yaourt warehouse, paste the following script:

[Archlinuxfr]
SigLevel = Never
Server = http://repo.archlinux.fr/$arch
3, with "Ctrl + x", followed by "Y" to save.

4, and then upgrade the warehouse database and use pacman to install yaourt:

$ Sudo pacman -Sy yaourt
 

Step Two - Install DNSCrypt and Unbound

DNSCrypt and unbound in archlinux repository, you can use the following command to install pacman:

$ Sudo pacman -S dnscrypt-proxy unbound
Then press the "Y" in the installation process.

 

Step Three - Install dnscrypt-autoinstall

Dnscrypt-autoinstall is automatically installed on a Linux system and configuration DNSCrypt script based. DNSCrypt in AUR, so you must install it using the "yaourt" command.

$ Yaourt -S dnscrypt-autoinstall
Note:

-S = This pacman -S Like the installer.


The fourth step - run dnscrypt-autoinstall

Run with root privileges "dnscrypt-autoinstall" to automatically configure DNSCrypt.

$ Sudo dnscrypt-autoinstall
Next pressing "Enter", then enter "Y" to choose what you want to use DNS provider, I used here without the log and DNSSEC DNSCrypt.eu.

Step 5 - Configuration DNSCrypt and Unbound

1, open dnscrypt of "/etc/conf.d/dnscrypt-config", confirm the configuration file "DNSCRYPTLOCALIP" pointing to local ip, "DNSCRYPTLOCALPORT" configuration according to your own wishes, I was using the 40-port.

$ Nano / etc / conf.d / dnscrypt-config
DNSCRYPT_LOCALIP = 127.0.0.1
DNSCRYPT_LOCALIP2 = 127.0.0.2
DNSCRYPT_LOCALPORT = 40


Save and exit.

2, now you use the nano editor to edit the "/ etc / unbound /" under unbound profile:

$ Nano / etc / unbound / unbound.conf
3, the end of the script, add the following line:

do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@40
Ensure forward-addr and DNSCrypt the "DNSCRYPT_LOCALPORT" consistent. As you can see, using the 40-port.

Then save and exit.


Step Six - run DNSCrypt and Unbound, then added to the boot in

Please run with root privileges DNSCrypt and unbound, you can use the command to run systemctl:

$ Sudosystemctl start dnscrypt-proxy unbound
Adding the service to start. You can run "systemctl enable":

$ Sudo systemctl enable dnscrypt-proxy unbound
Command will create a soft link to "/ usr / lib / systemd / system /" directory service.

 

Step Seven - resolv.conf configuration and restart all services

resolv.conf file is used to configure the DNS resolver in linux. It is a plain text created by the administrator, so you have to make it and others can not be modified with root privileges to edit.

With nano editor:

$ Nano / etc / resolv.conf
And add the local IP "127.0.0.1". Now with "chattr" command to make him read only:

$ Chattr + i /etc/resolv.conf
note:

If you want to re-edit, use the "chattr -i /etc/resolv.conf" write permissions added.

Now you need to restart DNSCrypt and unbound and networks;

$ Sudosystemctl restart dnscrypt-proxy unbound netctl
If you see an error, check the configuration file.

 

test

1, the test DNSCrypt

You can be confirmed by https://dnsleaktest.com/ DNSCrypt, click on the "Standard Test" or "extended test" and then wait for the end of the program run.

Now you can see already with DNSCrypt.eu as DNS provider DNSCrypt collaborative work.

2, the test Unbound

Now you should be able to ensure that unbound correctly with "dig" and "drill" command work together.

This is the dig command results:

$ Dig linoxide.com
We now look at the results, "Query time" is "533 msec":

;; Querytime: 533 msec
;; SERVER: 127.0.0.1 # 53 (127.0.0.1)
;; WHEN: SunAug3014: 48: 19 WIB 2015
;; MSG SIZE rcvd: 188
Enter the command again, we see the "Query time" is "0 msec".

;; Querytime: 0 msec
;; SERVER: 127.0.0.1 # 53 (127.0.0.1)
;; WHEN: SunAug3014: 51: 05 WIB 2015
;; MSG SIZE rcvd: 188

DNSCrypt to encrypt DNS client communication and parsing between the ends do well, and Unbound by caching make the same request with another request faster.

to sum up

DNSCrypt is an encrypted data stream protocol DNS client and DNS resolver between. DNSCrypt can run on different operating systems, whether desktop or mobile terminal. Select the DNS provider also includes some important things that should be selected to provide DNSSEC and there is no log. Unbound may be used when the DNS cache, thus speeding up the resolution process because Unbound request cache, then the next client requests the same query, unbound from the value stored in the cache removed. DNSCrypt and Unbound is a powerful combination for security and speed.
     
         
       
         
  More:      
 
- Java code JIT compiler-friendly Mody (Programming)
- Linux System Getting Started Tutorial: Using the Linux common commands (Linux)
- To solve the Mac in question invalid BASH under configuration environment variable (Linux)
- HomeKit Human Interface Guidelines (Linux)
- Open log in Hibernate (Programming)
- Flask deploy applications using Nginx on Ubuntu (Server)
- CentOS7 installation performance monitoring system (Server)
- Debian users to install FFmpeg 2.2.2 (Linux)
- Ubuntu 14.10 Server configuration wireless Internet access (Server)
- System with Windows Remote Desktop to connect Ubuntu 15.04 (Linux)
- Nginx installation configuration Zabbix (Server)
- BusyBox build root file system (Linux)
- Linux Network Programming - non-blocking program (Programming)
- SecureCRT session buffer size settings (Linux)
- Linux character device - user mode and kernel mode data transfer data (Linux)
- Configuring the PXE server in Ubuntu 14.04 (Server)
- sudoers file parsing (Linux)
- Crawl use Wireshark packet on remote Linux (Linux)
- How to modify the Emacs Major Mode Shortcuts (Linux)
- Linux / Windows setup is complete port range (Linux)
     
           
     
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.