To protect yourself from DNS injection by your internet service provider, you can use DNSCrypt. It helps, for example, when you want to visit a blocked site such as vimeo.com. The advantages of using DNSCrypt: DNS resolution becomes faster because answers are cached locally after a successful query, sites that are blocked at the DNS level can be opened, and access to some CDNs is faster.
Install DNSCrypt
The latest DNSCrypt version is currently 2.0.42
cd /opt
wget https://github.com/DNSCrypt/dnscrypt-proxy/releases/download/2.0.42/dnscrypt-proxy-linux_x86_64-2.0.42.tar.gz
Extract the DNSCrypt file you just downloaded
tar zxvf dnscrypt-proxy-linux_x86_64-2.0.42.tar.gz
Configure DNSCrypt
Now we will configure DNSCrypt. First, copy the file example-dnscrypt-proxy.toml to dnscrypt-proxy.toml inside the extracted directory
cd /opt/linux-x86_64
cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml
Open the file dnscrypt-proxy.toml. The part that needs to be changed is
# server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']
which becomes
server_names = ['google', 'yandex', 'cloudflare']
If server_names is not set, dnscrypt will choose the DNS servers to use by itself from the public DNS list.
Enable the DNSCrypt systemd service
/opt/linux-x86_64/dnscrypt-proxy -service install
Enable dnscrypt at boot
systemctl enable dnscrypt-proxy
Start DNSCrypt
systemctl start dnscrypt-proxy
Check the DNSCrypt status
systemctl status dnscrypt-proxy
# status
● dnscrypt-proxy.service - Encrypted/authenticated DNS proxy
   Loaded: loaded (/etc/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-04-30 11:47:17 UTC; 4s ago
 Main PID: 33004 (dnscrypt-proxy)
    Tasks: 7 (limit: 2331)
   Memory: 7.0M
      CPU: 79ms
   CGroup: /system.slice/dnscrypt-proxy.service
           └─33004 /opt/linux-x86_64/dnscrypt-proxy -config dnscrypt-proxy.toml
Apr 30 11:47:17 router.jaranguda.com dnscrypt-proxy[33004]: [2020-04-30 11:47:17] [NOTICE] Source [public-resolvers] loaded
Apr 30 11:47:17 router.jaranguda.com dnscrypt-proxy[33004]: [2020-04-30 11:47:17] [NOTICE] Source [relays] loaded
Apr 30 11:47:17 router.jaranguda.com dnscrypt-proxy[33004]: [2020-04-30 11:47:17] [NOTICE] Firefox workaround initialized
Apr 30 11:47:17 router.jaranguda.com dnscrypt-proxy[33004]: [2020-04-30 11:47:17] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
Apr 30 11:47:17 router.jaranguda.com dnscrypt-proxy[33004]: [2020-04-30 11:47:17] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
Apr 30 11:47:17 router.jaranguda.com dnscrypt-proxy[33004]: [2020-04-30 11:47:17] [NOTICE] [dnscrypt.ca-1] OK (DNSCrypt) - rtt: 71ms
Apr 30 11:47:18 router.jaranguda.com dnscrypt-proxy[33004]: [2020-04-30 11:47:18] [NOTICE] [dnscrypt.ca-1-doh] OK (DoH) - rtt: 71ms
Apr 30 11:47:18 router.jaranguda.com dnscrypt-proxy[33004]: [2020-04-30 11:47:18] [NOTICE] [quad9-doh-ip4-nofilter-pri] OK (DoH) - rtt: 1ms
Apr 30 11:47:18 router.jaranguda.com dnscrypt-proxy[33004]: [2020-04-30 11:47:18] [NOTICE] [skyfighter-dns] OK (DNSCrypt) - rtt: 153ms
Apr 30 11:47:18 router.jaranguda.com dnscrypt-proxy[33004]: [2020-04-30 11:47:18] [NOTICE] [dnscrypt.ca-2] OK (DNSCrypt) - rtt: 71ms
Change your DNS to DNSCrypt
echo 'nameserver 127.0.0.1' > /etc/resolv.conf
Test DNSCrypt
As an example, we will try to resolve the domain kernel.org
/opt/linux-x86_64/dnscrypt-proxy -resolve kernel.org
# output
Resolving [kernel.org]
Domain exists: yes, 6 name servers found
Canonical name: kernel.org.
IP addresses: 198.145.29.83
TXT records: v=spf1 mx a:vger.kernel.org a:mail.wl.linuxfoundation.org ~all
Resolver IP: 66.96.115.242 (res300.sfo.rrdns.pch.net.)
Try pinging several domains such as google.com, yahoo.com and kernel.org.
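As an added check to go with the test above (example code added here, not from the original post or the dnscrypt-proxy project): the script reads a dnscrypt-proxy.toml and a resolv.conf and reports which resolvers are pinned in server_names and whether any nameserver other than 127.0.0.1 is still configured. The function names and the sample files are assumptions made for this example, and 192.0.2.53 is a documentation address.

```shell
#!/bin/sh
# Added example: audit the two files this guide edits.

# Print the resolver names from the active (uncommented) server_names line,
# one per line. Prints nothing while the line is still commented out, which
# means dnscrypt-proxy chooses resolvers itself from the public list.
configured_servers() {
    sed -n 's/^[[:space:]]*server_names[[:space:]]*=[[:space:]]*\[\(.*\)].*/\1/p' "$1" |
        tr ',' '\n' | sed "s/[[:space:]'\"]//g" | sed '/^$/d'
}

# Print every nameserver in a resolv.conf-style file that is not the local
# proxy (127.0.0.1). Each printed address is a resolver the system can still
# send plaintext DNS to. Returns 0 only when at least one nameserver is set
# and all of them are 127.0.0.1.
plaintext_nameservers() {
    awk '$1 == "nameserver" { n++; if ($2 != "127.0.0.1") { print $2; bad++ } }
         END { exit !(n > 0 && bad == 0) }' "$1"
}

# Constructed sample files standing in for dnscrypt-proxy.toml and
# /etc/resolv.conf; the real files are not touched.
demo_dir=$(mktemp -d)
printf "%s\n" "# server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']" \
    > "$demo_dir/default.toml"
printf "%s\n" "server_names = ['google', 'yandex', 'cloudflare']" \
    > "$demo_dir/edited.toml"
printf 'nameserver 127.0.0.1\n' > "$demo_dir/good.conf"
printf 'nameserver 127.0.0.1\nnameserver 192.0.2.53\n' > "$demo_dir/leaky.conf"

for f in default edited; do
    pinned=$(configured_servers "$demo_dir/$f.toml" | paste -sd, -)
    echo "$f.toml pinned resolvers: ${pinned:-none (automatic selection)}"
done
for f in good leaky; do
    if extra=$(plaintext_nameservers "$demo_dir/$f.conf"); then
        echo "$f.conf: every query goes to the local proxy"
    else
        echo "$f.conf: other resolver still configured: ${extra:-no nameserver set}"
    fi
done
rm -rf "$demo_dir"
```

To audit a real host, call the two functions with /opt/linux-x86_64/dnscrypt-proxy.toml and /etc/resolv.conf as arguments.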
Disabling DNSCrypt
If you want to disable DNSCrypt, simply change the default resolver in /etc/resolv.conf, for example to Cloudflare DNS
echo 'nameserver 1.1.1.1' > /etc/resolv.conf
Stop the DNSCrypt service
systemctl stop dnscrypt-proxy
Remove the DNSCrypt service
/opt/linux-x86_64/dnscrypt-proxy -service uninstall