Linux Mint Forums

How to install DNSCrypt by xenopeek on Sun Jul 08, 2012 11:00 am ... https://blog.opendns.com/2011/12/06/ ..... by tommyb. on Mon Jul 23, 2012 8:01 am.
Télécharger le PDF
554KB taille 4 téléchargements 773 vues
commentaire
Report
Linux Mint Forums • View topic - How to install ...

http://forums.linuxmint.com/viewtopic.php?f=42...

Linux Mint Forums Search…

Search

Advanced search Board index ‹ Main Edition Support ‹ Tutorials / Howtos Change font size E-mail friend Print view User Control Panel (0 new messages) • View your posts FAQ Members Logout [ san-claudio ]

How to install DNSCrypt Forum rules Do not start a support topic here please. Before you post please read this Post a reply

Search this topic…

Search

First unread post • 37 posts • Page 1 of 2 • 1, 2 Report this post Reply with quote

How to install DNSCrypt by xenopeek on Sun Jul 08, 2012 11:00 am Update Dec 11 2013: Previous1 has added the steps to compile DNSCrypt yourself and get it working, see this topic: viewtopic.php?f=42&t=152600. Please follow that tutorial instead, as the below no longer works. Update Feb 8 2013: As noted by tommyb. in the comments, the DNSCrypt .deb file downloads are no longer available. This makes this tutorial currently not usable. Easy installation using your package manager is therefor no longer possible, as was detailed below. You'll need to download the source code from http://dnscrypt.org/, and follow the instructions there on how to compile DNSCrypt yourself. Possibly the below information, about disabling NetworkManager's dnsmasq instance and starting your own DNSCrypt and dnsmasq, may still be useful with that. I haven't delved into this yet, so if anybody has I welcome feedback on needed changes to the tutorial. ---------------------------------------------------------------------------------------------------------------------------------------------------------------This tutorial describes how to install and set up DNSCrypt (dnscrypt-proxy with dnsmasq). In a nutshell, it sets up a local DNS forwarder on your computer that encrypts all DNS traffic between your computer and your DNS resolver, which will be OpenDNS instead of your ISP. DNSCrypt and OpenDNS intend to

1 sur 18

26/08/2014 13:21

Linux Mint Forums • View topic - How to install ...

http://forums.linuxmint.com/viewtopic.php?f=42...

keep you more safe online. Following are some links for more information about DNSCrypt and OpenDNS: https://blog.opendns.com/2011/12/06/ https://www.opendns.com/ This tutorial has been succesfully tested on: Linux Linux Linux Linux Linux

Mint Mint Mint Mint Mint

11 12 13 13 13

GNOME KDE MATE Cinnamon Xfce

----------------------------------------------------------------------------------------------------------------------------------------------------------------

1. Download and install dnscrypt-proxy Visit https://github.com/opendns/dnscrypt-proxy/downloads and download the .deb file for your architecture (i386 for 32 bit, amd64 for 64 bit). Double-click the downloaded .deb file to start the installer, or right-click the file and choose "Open With GDebi Package Installer". Click "Install Package" and complete the installation. Also download the following attached archive file config.tar.bz2, with the needed configuration files. Extract it and open a terminal on the directory where you extracted the configuration files before you continue (in your file browser, open the File menu and select "Open in Terminal"). Run the commands in the tutorial from this terminal. config.tar.bz2 (1.43 KiB) Downloaded 542 times

2. Stop Network Manager Open a terminal and run the following command: Code: Select all sudo stop network-manager

3. Reconfigure Network Manager to not use dnsmasq You must skip this step if you are using Linux Mint 11 or 12. Edit the configuration file: Code: Select all sudo nano /etc/NetworkManager/NetworkManager.conf

Find the line: Code: Select all dns=dnsmasq

Replace it with: Code: Select all #dns=dnsmasq

2 sur 18

26/08/2014 13:21

Linux Mint Forums • View topic - How to install ...

http://forums.linuxmint.com/viewtopic.php?f=42...

Save & close the file with Ctrl+O, Enter, Ctrl+X.

4-7. Create Upstart jobs and copy configuration files Run the following commands: Code: Select all sudo cp init/dnscrypt-proxy.conf /etc/init/ sudo ln -s /lib/init/upstart-job /etc/init.d/dnscrypt-proxy sudo cp init/dnsmasq.conf /etc/init/ sudo ln -s /lib/init/upstart-job /etc/init.d/dnsmasq sudo cp dnsmasq.conf /etc/ sudo cp init/ntpdate-dnsmasq.conf /etc/init/ sudo ln -s /lib/init/upstart-job /etc/init.d/ntpdate-dnsmasq

If you want to use OpenDNS's FamilyShield (parental controls), first edit the init/dnscrypt-proxy.conf file and change the last line of that file from: Code: Select all exec /usr/sbin/dnscrypt-proxy --local-address=127.0.0.2

to: Code: Select all exec /usr/sbin/dnscrypt-proxy --local-address=127.0.0.2 --resolver-address=208.67.222.123

8. Reload Upstart configuration You can skip this step unless you are doing this on a Live session. Run the following command: Code: Select all sudo initctl reload-configuration

9. Start the services Start dnscrypt-proxy, which will automatically also start dnsmasq (and ntpdate): Code: Select all sudo start dnscrypt-proxy

Start Network Manager: Code: Select all sudo start network-manager

10. Reconfigure Network Manager to use DNSCrypt Open Network Connections from the menu. On the Wired or Wireless tab highlight your active Internet connection. Click "Edit". On the IPv4 Settings tab, set Method to "Automatic (DHCP) addresses only" and set DNS servers to "127.0.0.1". Click "Save". Click "Close".

3 sur 18

26/08/2014 13:21

Linux Mint Forums • View topic - How to install ...

http://forums.linuxmint.com/viewtopic.php?f=42...

11. Final test Visit http://www.opendns.com/welcome to test your connection. You should be welcomed to OpenDNS. Image ----------------------------------------------------------------------------------------------------------------------------------------------------------------

Uninstalling

If you decide you want to remove DNSCrypt, you can revert all changes made with the following steps.

Stop the services and remove all added files Run the following commands: Code: Select all sudo stop network-manager sudo stop dnscrypt-proxy sudo rm /etc/init/ntpdate-dnsmasq.conf sudo rm /etc/init.d/ntpdate-dnsmasq sudo rm /etc/dnsmasq.conf sudo rm /etc/init/dnsmasq.conf sudo rm /etc/init.d/dnsmasq sudo rm /etc/init/dnscrypt-proxy.conf sudo rm /etc/init.d/dnscrypt-proxy sudo initctl reload-configuration sudo apt-get --purge autoremove dnscrypt-proxy

Reconfigure Network Manager to use dnsmasq You must skip this step if you are using Linux Mint 11 or 12. Edit the configuration file: Code: Select all sudo nano /etc/NetworkManager/NetworkManager.conf

Find the line: Code: Select all #dns=dnsmasq

Replace it with: Code: Select all dns=dnsmasq

Save & close the file with Ctrl+O, Enter, Ctrl+X.

Start the services Start Network Manager: Code: Select all sudo start network-manager

4 sur 18

26/08/2014 13:21

Linux Mint Forums • View topic - How to install ...

http://forums.linuxmint.com/viewtopic.php?f=42...

Reconfigure Network Manager to not use DNSCrypt Open Network Connections from the menu. On the Wired or Wireless tab highlight your active Internet connection. Click "Edit". On the IPv4 Settings tab, set Method to "Automatic (DHCP)". Click "Save". Click "Close". Forum Rules | IRC Channel Rules

xenopeek Level 21

Posts: 14676 Joined: Wed Jul 06, 2011 9:58 am Location: The Netherlands Private message E-mail Top Report this post Reply with quote

Re: How to install DNSCrypt by jedisct1 on Sun Jul 08, 2012 8:11 pm Hi, Note that currently dnscrypt-proxy does not provide for using an OpenDNS account. So you can't yet use OpenDNS' premium features, such as parental controls.

This is not true. Network settings depend on the source IP address. So whatever has been configured for a network still works with dnscrypt, including category filters. You can also use FamilyShield in order to enable parental controls without creating an account. Just start dnscrypt with --resolver-address=208.67.222.123 And you don't need to disable dnsmasq in order to use dnscrypt. All you need is a line like this one in the dnsmasq.conf file: server=127.0.0.1#40 Replace 40 with the port number dnscrypt is listening to (--local-port=...) dnsmasq cache DNS records, which is always a good thing to have if you care about performance. jedisct1

5 sur 18

26/08/2014 13:21

Linux Mint Forums • View topic - How to install ...

http://forums.linuxmint.com/viewtopic.php?f=42...

Level 1

Posts: 1 Joined: Sun Jul 08, 2012 7:58 pm Private message E-mail Top Report this post Reply with quote

Re: How to install DNSCrypt by xenopeek on Sun Jul 08, 2012 9:57 pm Hi jedisct1, thanks for the updates on that update the tutorial!

I didn't know the OpenDNS accounts worked that way, I'll

Disabling dnsmasq in Network Manager I did because you can't override the configuration it uses. Network Manager starts dnsmasq with cache-size=0, which makes sense if you can't trust your last mile, but not if you can (with DNSCrypt). DNSCrypt is recommended to be used with a DNS cache. Also, Network Manager starts dnsmasq without some additional settings, like bogus-priv, domain-needed, stop-dns-rebind and rebind-localhost-ok. Allowing for configuring these settings, you need to disable Network Manager from starting dnsmasq, as included in this tutorial. For your reference, Network Manager's non-configurable startup of dnsmasq is: Code: Select all /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var /run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.0.0.1 --conf-file=/var/run/nmdns-dnsmasq.conf --cache-size=0 --proxy-dnssec

Forum Rules | IRC Channel Rules

xenopeek Level 21

Posts: 14676 Joined: Wed Jul 06, 2011 9:58 am Location: The Netherlands Private message E-mail Top Report this post

6 sur 18

26/08/2014 13:21

Linux Mint Forums • View topic - How to install ...

http://forums.linuxmint.com/viewtopic.php?f=42...

Reply with quote

Re: How to install DNSCrypt by MR-X on Fri Jul 13, 2012 1:14 am Thank you for this, I was having a hard time getting the new updated dnscrypt-proxy-0.10.1-1 to work on Linux Mint 13 Maya, but thanks to your great tutorial everything is up and running just fine now Now I have Linux Mint 13 running pretty much perfect now that they seemed to have worked out the bugs it was having issues with during its release...... Tutorial Saved! http://techroulette.blogspot.com/p/linu ... ps-and.htm > http://techroulette.blogspot.com