Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Server \ How to install Unbound and DNSCrypt in Archlinux     - Vagrant build LNMP environment (Server)

- Two programs HAProxy + Heartbeat (note, the secondary server vip, normal HAProxy boot method) (Server)

- MySQL 5.7.10 source code for the latest version of the installation process in detail (Database)

- Linux desktop system using the remote server in clear text ssh password (Server)

- Use OpenSSL to generate a certificate detailed process (Linux)

- Linux IO redirection (Linux)

- Linux redirection and piping (Linux)

- C ++ Fundamentals study notes (Programming)

- To install HDRMerge 0.4.3 under ubuntu (Linux)

- Linux firewall to prevent external network attacks (Linux)

- Linux installation beautify early experience (Linux)

- How to run Docker client in Windows operating system (Linux)

- Ubuntu uses under KVM + Qemu virtual machine build (Linux)

- map and hash_map STL containers (Programming)

- Execute command sentence can result in equipment permanently bricked in Linux laptop (Linux)

- C ++ implementation of the list of basic operations and test cases (Programming)

- VSFTPD Security (Linux)

- Linux System Tutorial: Ubuntu on the desktop is disabled by default keyring to unlock tips (Linux)

- iscsiadm command usage (Linux)

- Jetty JNDI Development combat (Linux)

  How to install Unbound and DNSCrypt in Archlinux
  Add Date : 2018-11-21      
  DNSCrypt is used for communication between the DNS client and DNS resolver for encryption and authentication protocols. It can prevent DNS spoofing or middle attacks. DNSCrypt available for most operating systems, including Linux, Windows, MacOSX, Android and iOS. In this tutorial I'm using kernel 4.1 archlinux.

Unbound DNS cache server is used to resolve any DNS queries received. If the user requests a new query, unbound will be stored in the cache, and when the user requests the same request again, unbound will use the saved cache. This would be the first request queries faster.

I will now try to install "DNSCrypt", to ensure the security of the DNS communication with "Unbound" acceleration.

Step One - Install yaourt

Yaourt is one of the AUR (ARCH user warehouse) auxiliary tool that allows users to easily install the program from AUR. Yaourt and pacman uses the same syntax, you can use yaourt to install the program. Here is the simplest way to install yaourt:

1, with the nano or vi editor arch warehouse configuration files, stored in the "/etc/pacman.conf" in.

$ Nano / etc / pacman.conf
2, in the bottom of the Add yaourt warehouse, paste the following script:

SigLevel = Never
Server = http://repo.archlinux.fr/$arch
3, with "Ctrl + x", followed by "Y" to save.

4, and then upgrade the warehouse database and use pacman to install yaourt:

$ Sudo pacman -Sy yaourt

Step Two - Install DNSCrypt and Unbound

DNSCrypt and unbound in archlinux repository, you can use the following command to install pacman:

$ Sudo pacman -S dnscrypt-proxy unbound
Then press the "Y" in the installation process.


Step Three - Install dnscrypt-autoinstall

Dnscrypt-autoinstall is automatically installed on a Linux system and configuration DNSCrypt script based. DNSCrypt in AUR, so you must install it using the "yaourt" command.

$ Yaourt -S dnscrypt-autoinstall

-S = This pacman -S Like the installer.

The fourth step - run dnscrypt-autoinstall

Run with root privileges "dnscrypt-autoinstall" to automatically configure DNSCrypt.

$ Sudo dnscrypt-autoinstall
Next pressing "Enter", then enter "Y" to choose what you want to use DNS provider, I used here without the log and DNSSEC DNSCrypt.eu.

Step 5 - Configuration DNSCrypt and Unbound

1, open dnscrypt of "/etc/conf.d/dnscrypt-config", confirm the configuration file "DNSCRYPTLOCALIP" pointing to local ip, "DNSCRYPTLOCALPORT" configuration according to your own wishes, I was using the 40-port.

$ Nano / etc / conf.d / dnscrypt-config

Save and exit.

2, now you use the nano editor to edit the "/ etc / unbound /" under unbound profile:

$ Nano / etc / unbound / unbound.conf
3, the end of the script, add the following line:

do-not-query-localhost: no
name: "."
Ensure forward-addr and DNSCrypt the "DNSCRYPT_LOCALPORT" consistent. As you can see, using the 40-port.

Then save and exit.

Step Six - run DNSCrypt and Unbound, then added to the boot in

Please run with root privileges DNSCrypt and unbound, you can use the command to run systemctl:

$ Sudosystemctl start dnscrypt-proxy unbound
Adding the service to start. You can run "systemctl enable":

$ Sudo systemctl enable dnscrypt-proxy unbound
Command will create a soft link to "/ usr / lib / systemd / system /" directory service.


Step Seven - resolv.conf configuration and restart all services

resolv.conf file is used to configure the DNS resolver in linux. It is a plain text created by the administrator, so you have to make it and others can not be modified with root privileges to edit.

With nano editor:

$ Nano / etc / resolv.conf
And add the local IP "". Now with "chattr" command to make him read only:

$ Chattr + i /etc/resolv.conf

If you want to re-edit, use the "chattr -i /etc/resolv.conf" write permissions added.

Now you need to restart DNSCrypt and unbound and networks;

$ Sudosystemctl restart dnscrypt-proxy unbound netctl
If you see an error, check the configuration file.



1, the test DNSCrypt

You can be confirmed by https://dnsleaktest.com/ DNSCrypt, click on the "Standard Test" or "extended test" and then wait for the end of the program run.

Now you can see already with DNSCrypt.eu as DNS provider DNSCrypt collaborative work.

2, the test Unbound

Now you should be able to ensure that unbound correctly with "dig" and "drill" command work together.

This is the dig command results:

$ Dig linoxide.com
We now look at the results, "Query time" is "533 msec":

;; Querytime: 533 msec
;; SERVER: # 53 (
;; WHEN: SunAug3014: 48: 19 WIB 2015
;; MSG SIZE rcvd: 188
Enter the command again, we see the "Query time" is "0 msec".

;; Querytime: 0 msec
;; SERVER: # 53 (
;; WHEN: SunAug3014: 51: 05 WIB 2015
;; MSG SIZE rcvd: 188

DNSCrypt to encrypt DNS client communication and parsing between the ends do well, and Unbound by caching make the same request with another request faster.

to sum up

DNSCrypt is an encrypted data stream protocol DNS client and DNS resolver between. DNSCrypt can run on different operating systems, whether desktop or mobile terminal. Select the DNS provider also includes some important things that should be selected to provide DNSSEC and there is no log. Unbound may be used when the DNS cache, thus speeding up the resolution process because Unbound request cache, then the next client requests the same query, unbound from the value stored in the cache removed. DNSCrypt and Unbound is a powerful combination for security and speed.
- Python basis: os module on the file / directory using methods commonly used functions (Programming)
- Smooth upgrade to OpenSSH 6.7 Procedure (Linux)
- Java 8 Lambda principle analysis (Programming)
- Ora-00020: maximum number of processes (500) exceeded (Database)
- LVM mirrored logical volume to achieve (Linux)
- Modular JavaScript (Programming)
- Linux System Getting Started Learning: Repair fatal error openssl aes h no such file or directory (Linux)
- CentOS 6.x systems installation + NIC driver installation (Realtek PCIe GBE Family Controller for Linux) (Linux)
- Hadoop 2.6.0 stand-alone / pseudo-distributed installation (Server)
- JBPM6 Tutorial - Fast Fun JBPM table (Linux)
- MySQL binlog automatic cleanup script (Database)
- To set up the printer use Nagios Monitoring Server (Server)
- Smooth upgrade to OpenSSH 6.1 Procedure (Linux)
- Java 8 perspective annotation types (Programming)
- Oracle11g build physical standby database (Database)
- Nginx Module Development - get user ip (Server)
- MySQL stored procedures and triggers (Database)
- Linux Programming memory mapping (Programming)
- ntop monitoring software configuration and installation (Linux)
- How to view information about the installed version of CentOS (Linux)
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.