Rata-rata ISP menghijack DNS beberapa contohnya Indihome, Biznet, Three, Telkomsel, XL dll. Cara yang paling ampuh mengatasi blokir DNS ataupun hijack DNS adalah menggunakan DNSCrypt selain penggunaan VPN yang bagi banyak orang perlu mengeluarkan biaya tambahan bulanan untuk berlangganan. Dengan solusi dns ini selain gratis juga bisa mempercepat browsing suatu situs. Saat ini versi terbaru DNSCrypt adalah 2.0.13

DNS ini bisa digunakan untuk LAN, sehingga semua devices (HP, Laptop, iPhone) bisa merasakan manfaat dari enkripsi dns. Bila kebutuhan untuk LAN, komputer yang digunakan untuk menginstall DNSCrypt harus hidup 24 jam.

Download DNSCrypt

wget https://github.com/DNSCrypt/dnscrypt-proxy/releases/download/2.0.31/dnscrypt-proxy-linux_x86_64-2.0.31.tar.gz

Ekstrak file dnscrypt-proxy-linux_x86_64-2.0.31.tar.gz

sudo tar -zxvf dnscrypt-proxy-linux_x86_64-2.0.31.tar.gz -C /opt/

Copy file configurasi DNSCrypt

sudo cp /opt/linux-x86_64/example-dnscrypt-proxy.toml /opt/linux-x86_64/dnscrypt-proxy.toml

Install sebagai service systemd dan aktifkan waktu boot

sudo /opt/linux-x86_64/dnscrypt-proxy -service install

Jalankan dnscrypt

sudo /opt/linux-x86_64/dnscrypt-proxy -service start

Test DNSCrypt

Salah satu cara untuk testing DNSCrypt ini dengan menggunakan bawaan DNSCrypt.

/opt/linux-x86_64/dnscrypt-proxy -resolve google.com
/opt/linux-x86_64/dnscrypt-proxy -resolve getfedora.org

output kedua perintah diatas

Resolving [google.com]

Domain exists: yes, 4 name servers found
Canonical name: google.com.
IP addresses: 172.217.24.110, 2404:6800:4003:808::200e
TXT records: globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8= docusign=1b0a6754-49b1-4db5-8540-d2c12664b289 facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95 docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e v=spf1 include:_spf.google.com ~all
Resolver IP: 74.63.20.251 (res302.qpg.rrdns.pch.net.)

Resolving [getfedora.org]

Domain exists: yes, 3 name servers found
Canonical name: getfedora.org.
IP addresses: 8.43.85.73, 209.132.190.2, 209.132.181.16, 8.43.85.67, 140.211.169.206, 67.219.144.68, 152.19.134.142, 209.132.181.15, 140.211.169.196, 152.19.134.198, 2605:bc80:3010:600:dead:beef:cafe:feda, 2610:28:3090:3001:dead:beef:cafe:fed3, 2604:1580:fe00:0:dead:beef:cafe:fed1, 2605:bc80:3010:600:dead:beef:cafe:fed9
TXT records: –
Resolver IP: 74.63.20.247 (res201.qpg.rrdns.pch.net.)

Selain cara diatas kita juga bisa menggunakan dig

dig google.com getfedora.org @127.0.0.1
 
# output
; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> google.com getfedora.org @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3146
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.			IN	A
 
;; ANSWER SECTION:
google.com.		154	IN	A	74.125.24.139
google.com.		154	IN	A	74.125.24.102
google.com.		154	IN	A	74.125.24.138
google.com.		154	IN	A	74.125.24.101
google.com.		154	IN	A	74.125.24.113
google.com.		154	IN	A	74.125.24.100
 
;; Query time: 120 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Sun Nov 17 15:28:55 WIB 2019
;; MSG SIZE  rcvd: 135
 
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 824
;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 1
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;getfedora.org.			IN	A
 
;; ANSWER SECTION:
getfedora.org.		599	IN	A	209.132.190.2
getfedora.org.		599	IN	A	67.219.144.68
getfedora.org.		599	IN	A	8.43.85.67
getfedora.org.		599	IN	A	140.211.169.196
getfedora.org.		599	IN	A	209.132.181.15
getfedora.org.		599	IN	A	209.132.181.16
getfedora.org.		599	IN	A	140.211.169.206
getfedora.org.		599	IN	A	8.43.85.73
getfedora.org.		599	IN	A	152.19.134.142
getfedora.org.		599	IN	A	152.19.134.198
 
;; Query time: 1212 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Nov 17 15:28:56 WIB 2019
;; MSG SIZE  rcvd: 332

Leave a comment

Your email address will not be published. Required fields are marked *