How to Install DNSCrypt and Unbound in Arch Linux
The DNSCrypt protocol encrypts and authenticates the communication between a DNS client and a DNS resolver, which prevents man-in-the-middle attacks and DNS spoofing. Most operating systems, including Linux, Windows, MacOS, Android, and iOS, support DNSCrypt. For this article we are running Arch Linux with kernel 4.1.
Unbound is a DNS caching server that responds to all incoming DNS queries. When a user submits a new query, Unbound saves the result in its cache and reuses it when the same query is submitted again, which is quicker than the first request. In this article we install DNSCrypt to encrypt DNS traffic and use Unbound's DNS caching to make it quicker.
Step 1: Install Yaourt
Yaourt is a tool that makes it simple for Arch Linux users to install software from the AUR. It uses the same syntax as pacman, so you can install software with it in the same way. A simple approach to installing Yaourt is as follows:
1. Use nano or vi to edit the “/etc/pacman.conf” file, which contains the configuration information for the arch repository.
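$ sudo nano /etc/pacman.conf
2. Add the Yaourt repository at the bottom by pasting the lines below. Note that SigLevel = Never turns off package signature verification for this repository, and the server URL is plain HTTP.
[archlinuxfr]
SigLevel = Never
Server = http://repo.archlinux.fr/$arch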
3. Save it by pressing “Ctrl + x” followed by “Y.”
4. Execute the pacman command to install Yaourt and update the repository database:
$ sudo pacman -Sy yaourt
Step 2: Configure DNSCrypt and Unbound
You may use the pacman command to install DNSCrypt and unbound if they are present in the archlinux repository:
$ sudo pacman -S dnscrypt-proxy unbound
Step 3: Install dnscrypt-autoinstall
On Linux-based computers, DNSCrypt may be installed and configured automatically using the script dnscrypt-autoinstall. Dnscrypt-autoinstall is accessible through the AUR (Arch User Repository), and installation requires the “yaourt” command:
$ yaourt -S dnscrypt-autoinstall
Step 4: Run dnscrypt-autoinstall
To configure DNSCrypt automatically, execute the “dnscrypt-autoinstall” command as root:
$ sudo dnscrypt-autoinstall
When prompted, type “y” and press “Enter” to continue to the next configuration step, then choose the provider you want to use, for example DNSCrypt.eu, which has features like no logs and DNSSEC.
Step 5: Setup Unbound and DNSCrypt
Open the “/etc/conf.d/dnscrypt-config” file and verify that “DNSCRYPT_LOCALIP” is set to the localhost IP address. “DNSCRYPT_LOCALPORT” can be set to whatever port you like; in this case, port 40.
$ sudo nano /etc/conf.d/dnscrypt-config
DNSCRYPT_LOCALIP=127.0.0.1
DNSCRYPT_LOCALIP2=127.0.0.2
DNSCRYPT_LOCALPORT=40
Step 6: Run DNSCrypt and Unbound and add to startup/Boot
Use root privileges to run DNSCrypt and Unbound; you can do this with the systemctl command:
$ sudo systemctl start dnscrypt-proxy unbound
Step 7: Edit the resolv.conf file and restart all services
resolv.conf is the file Linux uses to configure the DNS resolver. It is a plain text file written by the administrator, so you must edit it with root rights and then make it immutable (it cannot be changed while the flag is set).
Use the nano editor to make changes:
$ sudo nano /etc/resolv.conf
Add the localhost IP “127.0.0.1” as the name server, then use the “chattr” command to make the file immutable:
$ sudo chattr +i /etc/resolv.conf
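To confirm the result of Steps 5 and 7, the following added example (not part of the original article or of dnscrypt-autoinstall) checks that resolv.conf lists only loopback name servers and that dnscrypt-config binds the proxy to loopback on a valid port. The function names are this example's own, and the sample resolver 192.0.2.53 is a constructed documentation address.

```shell
#!/bin/sh
# Added example: post-setup checks for the resolv.conf and dnscrypt-config
# settings described above. Function names are this example's own.

# Print each nameserver in a resolv.conf-style file that is not loopback.
# Succeeds only if at least one nameserver exists and all are 127.x or ::1,
# i.e. no query can bypass the local Unbound/DNSCrypt chain.
non_local_nameservers() {
    awk '$1 == "nameserver" {
             seen = 1
             if ($2 !~ /^127\./ && $2 != "::1") { print $2; bad = 1 }
         }
         END { exit !(seen && !bad) }' "$1"
}

# Last value assigned to KEY ($2) in a KEY=value file ($1).
conf_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# Check that dnscrypt-proxy is bound to loopback on a valid port.
check_dnscrypt_config() {
    ip=$(conf_value "$1" DNSCRYPT_LOCALIP)
    port=$(conf_value "$1" DNSCRYPT_LOCALPORT)
    case "$ip" in
        127.*) ;;
        *) echo "DNSCRYPT_LOCALIP is not loopback: '$ip'"; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "DNSCRYPT_LOCALPORT is not a number: '$port'"; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "DNSCRYPT_LOCALPORT out of range: $port"; return 1; }
}

# True if the immutable attribute set by "chattr +i" is present on $1.
is_immutable() {
    lsattr -d "$1" 2>/dev/null | awk '$1 ~ /i/ { ok = 1 } END { exit !ok }'
}

# Constructed sample: a DHCP-supplied resolver left next to the local one.
sample=$(mktemp)
printf 'nameserver 127.0.0.1\nnameserver 192.0.2.53\n' > "$sample"
leaks=$(non_local_nameservers "$sample") ||
    echo "resolvers that bypass DNSCrypt: $leaks"
rm -f "$sample"
```

On the configured machine, call the functions with /etc/resolv.conf and /etc/conf.d/dnscrypt-config instead of the sample file.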