Answer the question
In order to leave comments, you need to log in
K
K
kaktak2552021-11-26 15:57:56
kaktak255, 2021-11-26 15:57:56
How to enable dnscrypt-proxy?
In general, I will describe what I did:
1) Changed ipv4 to 127.0.0.1
2) Entered into the file, it looks like thisdnscrypt-proxy.toml
# Empty listen_addresses to use systemd socket activation
listen_addresses = []
server_names = ['cloudflare']
#тут просто в инете нашел вставил
ipv4_servers = true
ipv6_servers = false
dnscrypt_servers = true
doh_servers = true
require_nolog = true
require_nofilter = true
require_dnssec = true
timeout = 5000
keepalive = 30
cache = true
cache_size = 1024
cache_min_ttl = 2400
cache_max_ttl = 86400
cache_neg_min_ttl = 60
cache_neg_max_ttl = 600
fallback_resolver = '1.1.1.1:5353'
###
#остальное стандарт
[query_log]
file = '/var/log/dnscrypt-proxy/query.log'
[nx_log]
file = '/var/log/dnscrypt-proxy/nx.log'
[sources]
[sources.'public-resolvers']
url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
minisign_key = 'тут какой то ключ думаю он не нужно его показывать'
refresh_delay = 72
prefix = ''3) File
/etc/resolv.conf Contains this:
# Generated by NetworkManager
nameserver 127.0.0.1I tried a lot, did it on one site, did it differently, tried
127.0.2.1it, tried it, tried 127.0.0.2a lot, nothing works. How do you need it right? What am I doing wrong?
2 answer(s)
@kaktak255
2. In Network-Manager, in the network settings, go to IPv4 and change DNS to
3. Edit the file
Instead of nano, you can use your other editor. For example, xed in Linux Mint
4. Uncomment the line
5. After changing or adding new names to
How to check if DNS is encrypted?
Install Wireshark
Online DNS Leak Test DNS
LeakTest
DNS LeakTest
D
Damian Lewis, 2021-11-27 @kaktak255
dnscrypt-proxy.tomlTo get started, put the following
in the listen address file listen_addresses = ['127.0.0.1:53']. Ours is empty. Naturally, traffic is not redirected anywhere and nothing works.
I myself have repeatedly used and still use dnscrypt-proxy on many systems. The only problem was with Arch Linux which later resolved. I will describe step by step how I set it up on Ubuntu / Mint.
1. Installing from an official distro turnip sudo apt install dnscrypt-proxy
or a more recent version from a third-party turnip
sudo add-apt-repository ppa:shevchuk/dnscrypt-proxy
sudo apt update
sudo apt install dnscrypt-proxy2. In Network-Manager, in the network settings, go to IPv4 and change DNS to
127.0.0.13. Edit the file
sudo nano /etc/dnscrypt-proxy/dnscrypt-proxy.tomlInstead of nano, you can use your other editor. For example, xed in Linux Mint
4. Uncomment the line
server_namesif it is commented out and add the names of dns servers from public-resolvers to it , according to the principle server_names = [‘cloudflare’, ‘adguard-dns-doh’], you can list several address names separated by commas. Be sure to use multiple addresses. It happens that one is blocked or falls off. In this case, the other one that you specified will be picked up. 5. After changing or adding new names to
server_names, you must restart dnscrypt-proxywith the command: sudo systemctl restart dnscrypt-proxyHow to check if DNS is encrypted?
Install Wireshark
sudo apt-get install wireshark- run it from a terminal with sudo wireshark (you need to be sudo to be able to listen on your network card.)
- then start listening and filter out everything but your own ip. Now just check if DNS protocols are encrypted
- use filter to show dns only
- Stop scanning.
- click on the list item that says DNS and comes from your IP.
- Now click on the transfer protocol to see if it is encrypted.
Online DNS Leak Test DNS
LeakTest
DNS LeakTest
Similar questions
R
V
P
X
P
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question