hello friends! new(ish)!
DNSCrypt: Difference between revisions
Jump to navigation
Jump to search
>Toynbeeidea No edit summary |
>WubTheCaptain (Stub) |
||
Line 1: | Line 1: | ||
{{Stub}} | |||
'''DNSCrypt''' acts as a local DNS resolver and uses elliptic-curve cryptography when passing messages to and from the DNS server. This is extremely useful for mitigating MITM attacks on DNS. Only a few servers are known to currently support DNSCrypt, however, adoption is growing. | '''DNSCrypt''' acts as a local DNS resolver and uses elliptic-curve cryptography when passing messages to and from the DNS server. This is extremely useful for mitigating MITM attacks on DNS. Only a few servers are known to currently support DNSCrypt, however, adoption is growing. | ||
Revision as of 23:49, 10 February 2014
DNSCrypt acts as a local DNS resolver and uses elliptic-curve cryptography when passing messages to and from the DNS server. This is extremely useful for mitigating MITM attacks on DNS. Only a few servers are known to currently support DNSCrypt, however, adoption is growing.
Note: if you install DNSCrypt, be sure to change the server it's using to something other than OpenDNS, as OpenDNS is known to hijack and block certain domains by default. Also be sure to change your DNS server address to that of the local resolver (usually 127.0.0.2 or 127.0.0.1).
Installation
Linux
From Source
# git clone git://github.com/jedisct1/dnscrypt-proxy.git # cd dnscrypt-proxy # ./autogen.sh # ./configure --prefix=/usr # make # sudo make install # sudo nano /etc/resolv.conf Remove all lines starting with "nameserver" and add "nameserver 127.0.0.1" and save the file. Pick a server from dnscrypt.org and take note of the Server address, Provider name, and Public key. # sudo dnscrypt-proxy --daemonize --resolver-address=<Server address> --provider-name=<Provider name> --provider-key=<Public key>