Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Server \ How to install Unbound and DNSCrypt in Archlinux     - Let VMware ESXi virtual switch support VLAN (Linux)

- Installation through the network Debian 7 (Wheezy) (Linux)

- CentOS 7 update source - the use of domestic sources 163 yum (Linux)

- Simple configuration shell scripts virtual machine environment experiment (Linux)

- Android development environment to build under Fedora 13 (Linux)

- Linux tar compressed exclude a folder (Linux)

- MNIST presentation and database conversion (Database)

- Linux Security Setup Guide (Linux)

- Oracle 11g maintenance partitions (eight) - Renaming Partitions (Database)

- MySQL how to export files with the date format (Database)

- Linux and Windows Security Topics (Linux)

- Linux crontab use (Linux)

- CentOS 6.6 running level (Linux)

- Oracle DataGuard principles and basic configuration (Database)

- Python script file directory traversal examples (Programming)

- Using Ruby to build a simple HTTP service and sass environment (Server)

- Linux Network Programming --TCP and UDP datagram type Explanation (Programming)

- CentOS7 Minimal minimize installation and then install the GNOME graphical interface (Linux)

- Use Visual Studio to compile and use WinGDB remote debugging embedded Linux programs (Programming)

- CentOS 6.6 x64 Oracle Database 11gR2 RAC automated installation scripts (Database)

 
         
  How to install Unbound and DNSCrypt in Archlinux
     
  Add Date : 2018-11-21      
         
         
         
  DNSCrypt is used for communication between the DNS client and DNS resolver for encryption and authentication protocols. It can prevent DNS spoofing or middle attacks. DNSCrypt available for most operating systems, including Linux, Windows, MacOSX, Android and iOS. In this tutorial I'm using kernel 4.1 archlinux.

Unbound DNS cache server is used to resolve any DNS queries received. If the user requests a new query, unbound will be stored in the cache, and when the user requests the same request again, unbound will use the saved cache. This would be the first request queries faster.

I will now try to install "DNSCrypt", to ensure the security of the DNS communication with "Unbound" acceleration.

Step One - Install yaourt

Yaourt is one of the AUR (ARCH user warehouse) auxiliary tool that allows users to easily install the program from AUR. Yaourt and pacman uses the same syntax, you can use yaourt to install the program. Here is the simplest way to install yaourt:

1, with the nano or vi editor arch warehouse configuration files, stored in the "/etc/pacman.conf" in.

$ Nano / etc / pacman.conf
2, in the bottom of the Add yaourt warehouse, paste the following script:

[Archlinuxfr]
SigLevel = Never
Server = http://repo.archlinux.fr/$arch
3, with "Ctrl + x", followed by "Y" to save.

4, and then upgrade the warehouse database and use pacman to install yaourt:

$ Sudo pacman -Sy yaourt
 

Step Two - Install DNSCrypt and Unbound

DNSCrypt and unbound in archlinux repository, you can use the following command to install pacman:

$ Sudo pacman -S dnscrypt-proxy unbound
Then press the "Y" in the installation process.

 

Step Three - Install dnscrypt-autoinstall

Dnscrypt-autoinstall is automatically installed on a Linux system and configuration DNSCrypt script based. DNSCrypt in AUR, so you must install it using the "yaourt" command.

$ Yaourt -S dnscrypt-autoinstall
Note:

-S = This pacman -S Like the installer.


The fourth step - run dnscrypt-autoinstall

Run with root privileges "dnscrypt-autoinstall" to automatically configure DNSCrypt.

$ Sudo dnscrypt-autoinstall
Next pressing "Enter", then enter "Y" to choose what you want to use DNS provider, I used here without the log and DNSSEC DNSCrypt.eu.

Step 5 - Configuration DNSCrypt and Unbound

1, open dnscrypt of "/etc/conf.d/dnscrypt-config", confirm the configuration file "DNSCRYPTLOCALIP" pointing to local ip, "DNSCRYPTLOCALPORT" configuration according to your own wishes, I was using the 40-port.

$ Nano / etc / conf.d / dnscrypt-config
DNSCRYPT_LOCALIP = 127.0.0.1
DNSCRYPT_LOCALIP2 = 127.0.0.2
DNSCRYPT_LOCALPORT = 40


Save and exit.

2, now you use the nano editor to edit the "/ etc / unbound /" under unbound profile:

$ Nano / etc / unbound / unbound.conf
3, the end of the script, add the following line:

do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@40
Ensure forward-addr and DNSCrypt the "DNSCRYPT_LOCALPORT" consistent. As you can see, using the 40-port.

Then save and exit.


Step Six - run DNSCrypt and Unbound, then added to the boot in

Please run with root privileges DNSCrypt and unbound, you can use the command to run systemctl:

$ Sudosystemctl start dnscrypt-proxy unbound
Adding the service to start. You can run "systemctl enable":

$ Sudo systemctl enable dnscrypt-proxy unbound
Command will create a soft link to "/ usr / lib / systemd / system /" directory service.

 

Step Seven - resolv.conf configuration and restart all services

resolv.conf file is used to configure the DNS resolver in linux. It is a plain text created by the administrator, so you have to make it and others can not be modified with root privileges to edit.

With nano editor:

$ Nano / etc / resolv.conf
And add the local IP "127.0.0.1". Now with "chattr" command to make him read only:

$ Chattr + i /etc/resolv.conf
note:

If you want to re-edit, use the "chattr -i /etc/resolv.conf" write permissions added.

Now you need to restart DNSCrypt and unbound and networks;

$ Sudosystemctl restart dnscrypt-proxy unbound netctl
If you see an error, check the configuration file.

 

test

1, the test DNSCrypt

You can be confirmed by https://dnsleaktest.com/ DNSCrypt, click on the "Standard Test" or "extended test" and then wait for the end of the program run.

Now you can see already with DNSCrypt.eu as DNS provider DNSCrypt collaborative work.

2, the test Unbound

Now you should be able to ensure that unbound correctly with "dig" and "drill" command work together.

This is the dig command results:

$ Dig linoxide.com
We now look at the results, "Query time" is "533 msec":

;; Querytime: 533 msec
;; SERVER: 127.0.0.1 # 53 (127.0.0.1)
;; WHEN: SunAug3014: 48: 19 WIB 2015
;; MSG SIZE rcvd: 188
Enter the command again, we see the "Query time" is "0 msec".

;; Querytime: 0 msec
;; SERVER: 127.0.0.1 # 53 (127.0.0.1)
;; WHEN: SunAug3014: 51: 05 WIB 2015
;; MSG SIZE rcvd: 188

DNSCrypt to encrypt DNS client communication and parsing between the ends do well, and Unbound by caching make the same request with another request faster.

to sum up

DNSCrypt is an encrypted data stream protocol DNS client and DNS resolver between. DNSCrypt can run on different operating systems, whether desktop or mobile terminal. Select the DNS provider also includes some important things that should be selected to provide DNSSEC and there is no log. Unbound may be used when the DNS cache, thus speeding up the resolution process because Unbound request cache, then the next client requests the same query, unbound from the value stored in the cache removed. DNSCrypt and Unbound is a powerful combination for security and speed.
     
         
         
         
  More:      
 
- Install Gnome Flashback Classic Desktop on Ubuntu 14.10 / Mint 7 (Linux)
- CentOS7 install JDK (Linux)
- Linux System Getting Started Learning: Linux common log file (Linux)
- C ++ How to determine the types of constants (Programming)
- 14.04.3 Ubuntu configuration and successfully compiled source code Android 6.0 r1 (Programming)
- SSH port forwarding application (Server)
- Oracle conditional select statements and looping statements (Database)
- Oracle Migration partition table (Database)
- Linux startup and logon security settings (Linux)
- C ++ handling text input (Programming)
- Linux systems use IP masquerading anti-hacker (Linux)
- CentOS 7 server environment to quickly build Linux (Server)
- ARP spoofing prevent Linux environment LAN (Linux)
- Python programmers most often committed ten errors (Programming)
- The lambda expression Java8 (constructor references) (Programming)
- Simple solution CC attack under Linux VPS (Linux)
- MySQL event table to achieve timing build a small note (Database)
- Use OpenWrt build WDS wireless network extension on V2 WHR-G300N (Linux)
- Can not remember how to solve the problem under Ubuntu brightness setting (Linux)
- Linux environmental performance data acquisition system (Linux)
     
           
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.