DNSCrypt


Name: 2.dnscrypt-cert.nwps.fi
Location: Helsinki, Finland
Public key: ba8af36ed73f256114d0a06118b656baf22721e19df91e427041d84be488cfb7
Caching, non-censoring, non-logging, DNSSEC-capable
DNS Stamp: sdns://AQcAAAAAAAAAETk1LjIxNy4xMS42Mzo4NDQzILqK827XPyVhFNCgYRi2VrryJyHhnfkeQnBB2EvkiM-3FzIuZG5zY3J5cHQtY2VydC5ud3BzLmZp
Anonymized DNS relaying: sdns://gRE5NS4yMTcuMTEuNjM6ODQ0Mw

What is DNSCrypt?

DNSCrypt is a protocol that adds encryption and authentication to DNS queries, making web browsing more secure and private. Its purpose is to protect DNS queries, which are normally sent unencrypted, from third-party eavesdropping or modification.

Benefits of DNSCrypt

Encrypted traffic – Prevents DNS queries from being intercepted and spied on.
Data integrity – Ensures that DNS responses are not tampered with.
Privacy – Hides DNS queries from ISPs and other third parties.
Protection against misuse – Reduces the risk of DNS spoofing and MITM attacks.


How to Use DNSCrypt

Using DNSCrypt requires installing and configuring a DNSCrypt client. Below are setup instructions for Windows, Linux, and macOS.

1. Windows

Install DNSCrypt Proxy:

  • Download DNSCrypt Proxy and extract the files.
  • Configure the dnscrypt-proxy.toml file properly. Select your preferred DNS server from the resolver list (e.g., public resolvers).
  • Run dnscrypt-proxy as a background service or application.
  • Alternative: Use applications like Simple DNSCrypt, which offers a graphical user interface.

2. Linux

Here’s a step-by-step guide to installing dnscrypt-proxy on Ubuntu/Debian and configuring it to use only the specified DNS server (sdns://AQc...).


📌 Step 1: Install dnscrypt-proxy

Open a terminal and run the following commands:

  1. Update package lists: sudo apt update
  2. Install dnscrypt-proxy: sudo apt install dnscrypt-proxy -y

📌 Step 2: Configure dnscrypt-proxy

Now, let’s modify the configuration to use only the specified server.

  1. Open the configuration file in Nano: sudo nano /etc/dnscrypt-proxy/dnscrypt-proxy.toml
  2. Modify the settings:
    • Find the line that starts with server_names and comment it out or leave it empty:
        # server_names = []
    • Add a static server configuration:
        [static."nwps"]
        stamp = "sdns://AQcAAAAAAAAAETk1LjIxNy4xMS42Mzo4NDQzILqK827XPyVhFNCgYRi2VrryJyHhnfkeQnBB2EvkiM-3FzIuZG5zY3J5cHQtY2VydC5ud3BzLmZp"
    • Force dnscrypt-proxy to use only this server. Put this line at the top level of the file, above the first [section] header, because TOML reads a key placed below [static."nwps"] as part of that table:
        server_names = ["nwps"]
  3. Save and exit:
    • Press CTRL + X, then Y, and hit Enter.

📌 Step 3: Restart and Enable the Service

  1. Restart dnscrypt-proxy: sudo systemctl restart dnscrypt-proxy
  2. Enable dnscrypt-proxy to start on boot: sudo systemctl enable dnscrypt-proxy
  3. Check service status:
        sudo systemctl status dnscrypt-proxy
     You should see something like:
        Active: active (running)

📌 Step 4: Configure Your System to Use dnscrypt-proxy

By default, dnscrypt-proxy listens on 127.0.2.1:53. To make your system use it:

  1. Edit resolv.conf (temporary change):
        sudo nano /etc/resolv.conf
     Replace existing nameserver lines with:
        nameserver 127.0.2.1
  2. Prevent systemd-resolved from overwriting the settings (for persistent change):
        sudo systemctl disable --now systemd-resolved ; sudo rm -f /etc/resolv.conf ; echo "nameserver 127.0.2.1" | sudo tee /etc/resolv.conf

📌 Step 5: Test the DNS Configuration

  1. Check if your system is using dnscrypt-proxy:
        dig @127.0.2.1 example.com
     You should see a valid response.
  2. Verify the DNS server:
        dnscrypt-proxy -resolve example.com
     The output should show that it is resolving queries via your configured server (95.217.11.63:8443).

Done!

Your system is now using dnscrypt-proxy with only the specified secure DNS server. 🚀
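
Before pasting a stamp into dnscrypt-proxy.toml, it is worth checking that it encodes the address, provider name and public key published in the listing at the top of this page. The Python decoder below is an added example, not part of the original page or of dnscrypt-proxy; the function names decode_stamp and matches_listing are hypothetical, and it handles only the two stamp types shown here (DNSCrypt server, 0x01, and anonymized relay, 0x81).

```python
import base64

# Values copied from the server listing on this page.
SERVER_STAMP = "sdns://AQcAAAAAAAAAETk1LjIxNy4xMS42Mzo4NDQzILqK827XPyVhFNCgYRi2VrryJyHhnfkeQnBB2EvkiM-3FzIuZG5zY3J5cHQtY2VydC5ud3BzLmZp"
RELAY_STAMP = "sdns://gRE5NS4yMTcuMTEuNjM6ODQ0Mw"
LISTED_KEY = "ba8af36ed73f256114d0a06118b656baf22721e19df91e427041d84be488cfb7"
LISTED_NAME = "2.dnscrypt-cert.nwps.fi"

# Low bits of the 8-byte little-endian properties field in a stamp.
PROPS = {1: "DNSSEC", 2: "no-log", 4: "no-filter"}


def _lp(buf, pos):
    """Read one length-prefixed field; return (value, next position)."""
    if pos >= len(buf) or pos + 1 + buf[pos] > len(buf):
        raise ValueError("truncated stamp")
    end = pos + 1 + buf[pos]
    return buf[pos + 1:end], end


def decode_stamp(stamp):
    """Decode a DNSCrypt server (0x01) or relay (0x81) stamp into a dict."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    # Stamps use unpadded URL-safe base64; restore the padding before decoding.
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if not raw:
        raise ValueError("empty stamp")
    if raw[0] == 0x01:
        props = int.from_bytes(raw[1:9], "little")
        addr, pos = _lp(raw, 9)
        key, pos = _lp(raw, pos)
        name, pos = _lp(raw, pos)
        return {"type": "dnscrypt", "addr": addr.decode(),
                "public_key": key.hex(), "provider": name.decode(),
                "props": sorted(v for k, v in PROPS.items() if props & k)}
    if raw[0] == 0x81:
        addr, _ = _lp(raw, 1)
        return {"type": "relay", "addr": addr.decode()}
    raise ValueError("unsupported stamp type 0x%02x" % raw[0])


def matches_listing(stamp, listed_key, listed_name):
    """True only if the stamp carries the published key and provider name."""
    info = decode_stamp(stamp)
    return (info["type"] == "dnscrypt"
            and info["public_key"] == listed_key.lower()
            and info["provider"] == listed_name)
```

If matches_listing returns False for a stamp obtained from anywhere other than this listing, do not add it to the [static] section.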

3. macOS

  • Use an app like DNSCrypt Menubar, which is easy to install and use.
  • Alternatively, install DNSCrypt Proxy and configure it manually.