Home IT Linux Windows Database Network Programming Server Mobile  
           
  Home \ Server \ How to install Unbound and DNSCrypt in Archlinux     - Compression decompression command under Linux (Linux)

- Management DB2 logs (Database)

- Delegate in C # (Programming)

- Manually create Oracle Database Explanations (Database)

- Linux System Getting Started Learning: From VirtualBox from the client host access NAT (Linux)

- Oracle database online redo logs are several methods of recovery of deleted (Database)

- Linux / CentOS 7.0 installation and configuration under Tomcat 8.0 (Server)

- Intrusion prevention network server security maintenance tips (Linux)

- Limit the use of the request being Nginx Flood attack (Linux)

- Java NIO in the world (Programming)

- Oracle VirtualBox Problem Solving Case (Linux)

- How to run in support UDp Docker container JBoss data virtualization GA (Server)

- Linux centos rm directory does not prompt (Linux)

- Ubuntu system safe and caution sudo su command (Linux)

- Linux network monitoring strategy (Linux)

- Command line tool Tmux (Linux)

- Emacs install clojure development environment (Linux)

- Linux Shell Scripting (Programming)

- How Datadog monitor Nginx (Server)

- MySQL optimization tabs (Database)

 
         
  How to install Unbound and DNSCrypt in Archlinux
     
  Add Date : 2018-11-21      
         
       
         
  DNSCrypt is used for communication between the DNS client and DNS resolver for encryption and authentication protocols. It can prevent DNS spoofing or middle attacks. DNSCrypt available for most operating systems, including Linux, Windows, MacOSX, Android and iOS. In this tutorial I'm using kernel 4.1 archlinux.

Unbound DNS cache server is used to resolve any DNS queries received. If the user requests a new query, unbound will be stored in the cache, and when the user requests the same request again, unbound will use the saved cache. This would be the first request queries faster.

I will now try to install "DNSCrypt", to ensure the security of the DNS communication with "Unbound" acceleration.

Step One - Install yaourt

Yaourt is one of the AUR (ARCH user warehouse) auxiliary tool that allows users to easily install the program from AUR. Yaourt and pacman uses the same syntax, you can use yaourt to install the program. Here is the simplest way to install yaourt:

1, with the nano or vi editor arch warehouse configuration files, stored in the "/etc/pacman.conf" in.

$ Nano / etc / pacman.conf
2, in the bottom of the Add yaourt warehouse, paste the following script:

[Archlinuxfr]
SigLevel = Never
Server = http://repo.archlinux.fr/$arch
3, with "Ctrl + x", followed by "Y" to save.

4, and then upgrade the warehouse database and use pacman to install yaourt:

$ Sudo pacman -Sy yaourt
 

Step Two - Install DNSCrypt and Unbound

DNSCrypt and unbound in archlinux repository, you can use the following command to install pacman:

$ Sudo pacman -S dnscrypt-proxy unbound
Then press the "Y" in the installation process.

 

Step Three - Install dnscrypt-autoinstall

Dnscrypt-autoinstall is automatically installed on a Linux system and configuration DNSCrypt script based. DNSCrypt in AUR, so you must install it using the "yaourt" command.

$ Yaourt -S dnscrypt-autoinstall
Note:

-S = This pacman -S Like the installer.


The fourth step - run dnscrypt-autoinstall

Run with root privileges "dnscrypt-autoinstall" to automatically configure DNSCrypt.

$ Sudo dnscrypt-autoinstall
Next pressing "Enter", then enter "Y" to choose what you want to use DNS provider, I used here without the log and DNSSEC DNSCrypt.eu.

Step 5 - Configuration DNSCrypt and Unbound

1, open dnscrypt of "/etc/conf.d/dnscrypt-config", confirm the configuration file "DNSCRYPTLOCALIP" pointing to local ip, "DNSCRYPTLOCALPORT" configuration according to your own wishes, I was using the 40-port.

$ Nano / etc / conf.d / dnscrypt-config
DNSCRYPT_LOCALIP = 127.0.0.1
DNSCRYPT_LOCALIP2 = 127.0.0.2
DNSCRYPT_LOCALPORT = 40


Save and exit.

2, now you use the nano editor to edit the "/ etc / unbound /" under unbound profile:

$ Nano / etc / unbound / unbound.conf
3, the end of the script, add the following line:

do-not-query-localhost: no
forward-zone:
name: "."
forward-addr: 127.0.0.1@40
Ensure forward-addr and DNSCrypt the "DNSCRYPT_LOCALPORT" consistent. As you can see, using the 40-port.

Then save and exit.


Step Six - run DNSCrypt and Unbound, then added to the boot in

Please run with root privileges DNSCrypt and unbound, you can use the command to run systemctl:

$ Sudosystemctl start dnscrypt-proxy unbound
Adding the service to start. You can run "systemctl enable":

$ Sudo systemctl enable dnscrypt-proxy unbound
Command will create a soft link to "/ usr / lib / systemd / system /" directory service.

 

Step Seven - resolv.conf configuration and restart all services

resolv.conf file is used to configure the DNS resolver in linux. It is a plain text created by the administrator, so you have to make it and others can not be modified with root privileges to edit.

With nano editor:

$ Nano / etc / resolv.conf
And add the local IP "127.0.0.1". Now with "chattr" command to make him read only:

$ Chattr + i /etc/resolv.conf
note:

If you want to re-edit, use the "chattr -i /etc/resolv.conf" write permissions added.

Now you need to restart DNSCrypt and unbound and networks;

$ Sudosystemctl restart dnscrypt-proxy unbound netctl
If you see an error, check the configuration file.

 

test

1, the test DNSCrypt

You can be confirmed by https://dnsleaktest.com/ DNSCrypt, click on the "Standard Test" or "extended test" and then wait for the end of the program run.

Now you can see already with DNSCrypt.eu as DNS provider DNSCrypt collaborative work.

2, the test Unbound

Now you should be able to ensure that unbound correctly with "dig" and "drill" command work together.

This is the dig command results:

$ Dig linoxide.com
We now look at the results, "Query time" is "533 msec":

;; Querytime: 533 msec
;; SERVER: 127.0.0.1 # 53 (127.0.0.1)
;; WHEN: SunAug3014: 48: 19 WIB 2015
;; MSG SIZE rcvd: 188
Enter the command again, we see the "Query time" is "0 msec".

;; Querytime: 0 msec
;; SERVER: 127.0.0.1 # 53 (127.0.0.1)
;; WHEN: SunAug3014: 51: 05 WIB 2015
;; MSG SIZE rcvd: 188

DNSCrypt to encrypt DNS client communication and parsing between the ends do well, and Unbound by caching make the same request with another request faster.

to sum up

DNSCrypt is an encrypted data stream protocol DNS client and DNS resolver between. DNSCrypt can run on different operating systems, whether desktop or mobile terminal. Select the DNS provider also includes some important things that should be selected to provide DNSSEC and there is no log. Unbound may be used when the DNS cache, thus speeding up the resolution process because Unbound request cache, then the next client requests the same query, unbound from the value stored in the cache removed. DNSCrypt and Unbound is a powerful combination for security and speed.
     
         
       
         
  More:      
 
- Android to determine whether the device to open WIFI, GPRS data connection (Programming)
- 20 Top Linux commands (Linux)
- SSH automatic disconnection problem solving (Linux)
- String JavaScript type system (Programming)
- Linux text processing tool of sed (Linux)
- Dynamic programming Android (Programming)
- sa weak passwords intrusion prevention (Linux)
- Archlinux installation tutorial (Linux)
- Multi-core CPU, multi-threading and parallel computation (Linux)
- Ubuntu 15.04 Linux install anti-virus software Antiviral 0.2 (Linux)
- APT-GET commonly used Linux command (Linux)
- Construction of Android and iOS apps use Jenkins Automation (Programming)
- Oracle DataGuard principles and basic configuration (Database)
- Shell scripts get a snapshot of the page and generates thumbnails (Linux)
- Depth understanding of C language (Programming)
- How to configure Apache Solr on Ubuntu 14/15 (Server)
- MySQL5.7 implement virtual column expression index (Database)
- Solve the compatibility problem between Linux and Java at the source in bold font (Linux)
- Share and show your code on GitHub (Linux)
- Linux iptables: combat scenes (Linux)
     
           
     
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.