Most ISPs hijack DNS, for example Indihome, Biznet, Three, Telkomsel, XL and others. The most effective way to get around DNS blocking or DNS hijacking is to use DNSCrypt, as an alternative to a VPN, which for many people means paying an additional monthly subscription fee. Besides being free, this DNS solution can also speed up browsing a site. At present the latest version of DNSCrypt is 2.0.13
This DNS can be used for a LAN, so that all devices (phones, laptops, iPhones) benefit from DNS encryption. For LAN use, the computer on which DNSCrypt is installed must stay powered on 24 hours a day.
Download DNSCrypt
wget https://github.com/DNSCrypt/dnscrypt-proxy/releases/download/2.0.31/dnscrypt-proxy-linux_x86_64-2.0.31.tar.gz
Extract the file dnscrypt-proxy-linux_x86_64-2.0.31.tar.gz
sudo tar -zxvf dnscrypt-proxy-linux_x86_64-2.0.31.tar.gz -C /opt/
Copy the DNSCrypt configuration file
sudo cp /opt/linux-x86_64/example-dnscrypt-proxy.toml /opt/linux-x86_64/dnscrypt-proxy.toml
Install as a systemd service and enable it at boot
sudo /opt/linux-x86_64/dnscrypt-proxy -service install
Start dnscrypt
sudo /opt/linux-x86_64/dnscrypt-proxy -service start
Test DNSCrypt
One way to test DNSCrypt is to use the resolve option built into DNSCrypt itself.
/opt/linux-x86_64/dnscrypt-proxy -resolve google.com
/opt/linux-x86_64/dnscrypt-proxy -resolve getfedora.org
Output of the two commands above:
Domain exists: yes, 4 name servers found
Canonical name: google.com.
IP addresses: 172.217.24.110, 2404:6800:4003:808::200e
TXT records: globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8= docusign=1b0a6754-49b1-4db5-8540-d2c12664b289 facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95 docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e v=spf1 include:_spf.google.com ~all
Resolver IP: 74.63.20.251 (res302.qpg.rrdns.pch.net.)
Resolving [getfedora.org]
Domain exists: yes, 3 name servers found
Canonical name: getfedora.org.
IP addresses: 8.43.85.73, 209.132.190.2, 209.132.181.16, 8.43.85.67, 140.211.169.206, 67.219.144.68, 152.19.134.142, 209.132.181.15, 140.211.169.196, 152.19.134.198, 2605:bc80:3010:600:dead:beef:cafe:feda, 2610:28:3090:3001:dead:beef:cafe:fed3, 2604:1580:fe00:0:dead:beef:cafe:fed1, 2605:bc80:3010:600:dead:beef:cafe:fed9
TXT records: –
Resolver IP: 74.63.20.247 (res201.qpg.rrdns.pch.net.)
Besides the method above, we can also use dig
dig google.com getfedora.org @127.0.0.1
# output
; <<>> DiG 9.11.11-RedHat-9.11.11-1.fc31 <<>> google.com getfedora.org @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3146
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 154 IN A 74.125.24.139
google.com. 154 IN A 74.125.24.102
google.com. 154 IN A 74.125.24.138
google.com. 154 IN A 74.125.24.101
google.com. 154 IN A 74.125.24.113
google.com. 154 IN A 74.125.24.100
;; Query time: 120 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Sun Nov 17 15:28:55 WIB 2019
;; MSG SIZE rcvd: 135
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 824
;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;getfedora.org. IN A
;; ANSWER SECTION:
getfedora.org. 599 IN A 209.132.190.2
getfedora.org. 599 IN A 67.219.144.68
getfedora.org. 599 IN A 8.43.85.67
getfedora.org. 599 IN A 140.211.169.196
getfedora.org. 599 IN A 209.132.181.15
getfedora.org. 599 IN A 209.132.181.16
getfedora.org. 599 IN A 140.211.169.206
getfedora.org. 599 IN A 8.43.85.73
getfedora.org. 599 IN A 152.19.134.142
getfedora.org. 599 IN A 152.19.134.198
;; Query time: 1212 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Nov 17 15:28:56 WIB 2019
;; MSG SIZE rcvd: 332
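In the dig output above, the google.com answer reports SERVER: 9.9.9.9#53 while only the getfedora.org answer reports SERVER: 127.0.0.1#53, so the ";; SERVER:" line of every answer is what shows whether a query actually went through the local DNSCrypt listener. The script below is an added example, not part of the original article; the function names are hypothetical and the sample input is trimmed from the output above.

```shell
#!/bin/sh
# Added example: confirm which resolver answered each query in dig output.
# check_dig_servers and sample_dig_output are names chosen for this example.

# Reads dig output on stdin; $1 is the resolver address every answer
# should come from (the local dnscrypt-proxy listener, 127.0.0.1 here).
# Prints "OK|BYPASS <name> <server>" per answer; returns 1 on any bypass
# or when no ";; SERVER:" line is found at all.
check_dig_servers() {
    awk -v want="$1" '
        /^;; QUESTION SECTION:/ { getline; q = $1; sub(/^;/, "", q); next }
        /^;; SERVER:/ {
            split($3, a, "#")            # "9.9.9.9#53(9.9.9.9)" -> "9.9.9.9"
            n++
            if (a[1] == want) { print "OK", q, a[1] }
            else              { print "BYPASS", q, a[1]; bad = 1 }
        }
        END { exit ((bad || n == 0) ? 1 : 0) }
    '
}

# Sample input: the relevant lines of the dig output shown above, trimmed.
sample_dig_output() {
    cat <<'EOF'
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 154 IN A 74.125.24.139
;; Query time: 120 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; QUESTION SECTION:
;getfedora.org. IN A
;; ANSWER SECTION:
getfedora.org. 599 IN A 209.132.190.2
;; Query time: 1212 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
EOF
}

sample_dig_output | check_dig_servers 127.0.0.1 ||
    echo "at least one query was not answered by 127.0.0.1"
```

On a live system, pipe real output into the function, for example `dig google.com getfedora.org @127.0.0.1 | check_dig_servers 127.0.0.1`.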