
How to Install DNSCrypt and Unbound in Arch Linux

Last Updated : 10 Jan, 2023

The DNSCrypt protocol encrypts and authenticates the communication between a DNS client and a DNS resolver, which prevents man-in-the-middle attacks and DNS spoofing. The majority of operating systems, including Linux, Windows, macOS, Android, and iOS, support DNSCrypt. For this article, we are running Arch Linux with kernel 4.1.

Unbound is a DNS caching server that responds to all incoming DNS queries. When a user submits a new query, Unbound saves the result in its cache and returns the stored result when the same query is submitted again, which is quicker than the first request. In this article we will install “DNSCrypt” to encrypt DNS traffic and use “Unbound” DNS caching to make it quicker.

Stepwise Installation

Step 1: Install Yaourt

One tool that makes it simple for Arch Linux users to install software from the AUR is Yaourt. Yaourt uses the same syntax as pacman, so you can use it to install software in the same way. A simple approach to installing Yaourt is as follows:

1. Use nano or vi to edit the “/etc/pacman.conf” file, which contains the configuration information for the arch repository.

$ sudo nano /etc/pacman.conf

 

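2. Add the Yaourt repository at the bottom by pasting the lines below. Note that “SigLevel = Never” disables package signature checking for this repository and the server is reached over plain HTTP, so pacman cannot verify that packages downloaded from it are authentic.

[archlinuxfr]
SigLevel = Never
Server = http://repo.archlinux.fr/$arch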

 

3. Save it by pressing “Ctrl + x” followed by “Y.”

4. Execute the pacman command to install Yaourt and update the repository database:

$ sudo pacman -Sy yaourt

 

Step 2: Install DNSCrypt and Unbound

You can use the pacman command to install DNSCrypt and Unbound if they are present in the Arch Linux repository:

$ sudo pacman -S dnscrypt-proxy unbound

 

Step 3: Install dnscrypt-autoinstall

On Linux-based computers, DNSCrypt can be installed and configured automatically with the dnscrypt-autoinstall script. It is available from the AUR (Arch User Repository), and installing it requires the “yaourt” command:

$ yaourt -S dnscrypt-autoinstall

 

Step 4: Run dnscrypt-autoinstall

To configure DNSCrypt automatically, execute the “dnscrypt-autoinstall” command as root:

$ sudo dnscrypt-autoinstall

When prompted, type “y”, press “Enter” to move on to the next configuration, and then select the provider you want to use. DNSCrypt.eu, for example, has features like no logs and DNSSEC.

 

Step 5: Setup Unbound and DNSCrypt

Open the DNSCrypt configuration file “/etc/conf.d/dnscrypt-config” and verify that “DNSCRYPT_LOCALIP” is set to the localhost IP address. “DNSCRYPT_LOCALPORT” can be set to whatever port you like; in this case, port 40.

$ sudo nano /etc/conf.d/dnscrypt-config

DNSCRYPT_LOCALIP=127.0.0.1
DNSCRYPT_LOCALIP2=127.0.0.2
DNSCRYPT_LOCALPORT=40

 

 

Step 6: Run DNSCrypt and Unbound and add them to startup/boot

Run DNSCrypt and Unbound with root privileges; you can do this with the systemctl command:

$ sudo systemctl start dnscrypt-proxy unbound

 

Step 7: Edit the resolv.conf file and restart all services

resolv.conf is the file Linux uses to configure the DNS resolver. Because it is merely plain text written by the administrator, you must edit it with root rights and then make it immutable so that no one can change it.

Use nano editor to make changes:

$ sudo nano /etc/resolv.conf

 

Add the localhost IP “127.0.0.1” as the nameserver entry. Then use the “chattr” command to make the file immutable:

$ sudo chattr +i /etc/resolv.conf
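
As an added example that is not part of the original article, the script below checks the result of Steps 5 and 7: every nameserver in resolv.conf is a loopback address (so no query bypasses the local listener), “DNSCRYPT_LOCALIP” is loopback, and resolv.conf carries the immutable attribute. The function names and the “live” argument are assumptions of this example, and the KEY=value layout of dnscrypt-config is taken from Step 5.

```shell
#!/bin/sh
# Added example (not from the article): confirm DNS only uses the local listener.
# Assumes KEY=value lines in dnscrypt-config, as shown in Step 5.

# is_loopback ADDR: true for 127.0.0.0/8 and ::1
is_loopback() {
    case "$1" in 127.*|::1) return 0 ;; *) return 1 ;; esac
}

# check_resolv FILE: fail on any non-loopback nameserver, or if none is set
check_resolv() {
    found=0; bad=0
    while read -r key value rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        found=1
        is_loopback "$value" && continue
        echo "non-local nameserver in $1: $value"
        bad=1
    done < "$1"
    [ "$found" -eq 1 ] && [ "$bad" -eq 0 ]
}

# config_value FILE KEY: print the last value assigned to KEY
config_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# check_dnscrypt FILE: DNSCRYPT_LOCALIP must be loopback, the port numeric
check_dnscrypt() {
    ip=$(config_value "$1" DNSCRYPT_LOCALIP)
    port=$(config_value "$1" DNSCRYPT_LOCALPORT)
    is_loopback "$ip" || { echo "DNSCRYPT_LOCALIP not loopback: '$ip'"; return 1; }
    case "$port" in
        ''|*[!0-9]*) echo "DNSCRYPT_LOCALPORT not numeric: '$port'"; return 1 ;;
    esac
}

# is_immutable FILE: true if lsattr reports the 'i' attribute set by chattr +i
is_immutable() {
    case "$(lsattr -d "$1" 2>/dev/null | cut -d' ' -f1)" in *i*) return 0 ;; *) return 1 ;; esac
}

# Run against the live files only when called as: sh check.sh live
if [ "${1:-}" = "live" ]; then
    check_resolv /etc/resolv.conf && check_dnscrypt /etc/conf.d/dnscrypt-config &&
        is_immutable /etc/resolv.conf && echo "DNS path OK"
fi
```

A second, non-loopback nameserver line in resolv.conf is the case this catches: the resolver can fall back to it and send queries unencrypted.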

 

