Making your DNS queries private for your entire network

In my previous post, "Making your web browsing experience even more private!", I shared how to encrypt your DNS queries at the browser level, using Firefox (only with v60 or later, which at this time is the Developer Edition). Its limitations are that you have to do it on every system, and you're limited to using Firefox.

With the latest release, 2.0.10, of dnscrypt-proxy, it's now even easier and simpler to make it more difficult for anyone else to know what websites you're visiting, or what DNS queries you're performing. 2.0.10 was released 3 days ago, and there's a binary for nearly every OS out there, such as macOS, Windows, Linux and Android.

Making your DNS queries private involves downloading dnscrypt-proxy, and setting it up on your network router, which shouldn't take more than 10 minutes.

I initially downloaded the 2.0.8 Win64 zip file, and unzipped it to C:\Program Files\DNScrypt, and created/modified the configuration file: dnscrypt-proxy.toml with the following content, then ran service-install.bat.

 

server_names = ['CloudflareIPv6', 'CloudflareIPv4', 'google', 'cisco', 'yandex']
listen_addresses = ['0.0.0.0:53', '[::1]:53']
ipv6_servers = true
lb_strategy = 'fastest'
fallback_resolver = '1.1.1.1:53'
## cloudflare
#Cloudflare DNS (anycast) - aka 1.1.1.1 / 1.0.0.1
[static.'CloudflareIPv4']
stamp = 'sdns://AgcAAAAAAAAABzEuMC4wLjEg63Ul-I8NlFj4GplQGb_TTLiczclX57DvMV8Q-JdjgRgSZG5zLmNsb3VkZmxhcmUuY29tCi9kbnMtcXVlcnk'

## cloudflare-ipv6
#Cloudflare DNS over IPv6 (anycast)
[static.'CloudflareIPv6']
stamp = 'sdns://AgcAAAAAAAAAGVsyNjA2OjQ3MDA6NDcwMDo6MTExMV06NTMg63Ul-I8NlFj4GplQGb_TTLiczclX57DvMV8Q-JdjgRgSZG5zLmNsb3VkZmxhcmUuY29tCi9kbnMtcXVlcnk'

[static.'google']
stamp = 'sdns://AgUAAAAAAAAAACDyXGrcc5eNecJ8nomJCJ-q6eCLTEn6bHic0hWGUwYQaA5kbnMuZ29vZ2xlLmNvbQ0vZXhwZXJpbWVudGFs'

[static.'cisco']
stamp = 'sdns://AQAAAAAAAAAAD1syNjIwOjA6Y2NjOjoyXSC3NRFAIG8iXT4r2CLX_WkeocM8yNZmjQy-BL-rykP7eRsyLmRuc2NyeXB0LWNlcnQub3BlbmRucy5jb20'

I then updated both the IPv4 and IPv6 DNS server addresses on my system to point to my own system.
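
To check what a pasted sdns:// stamp actually points at before trusting it as a resolver, the following decoder parses the DNSCrypt and DoH stamp layouts and can be run on three of the stamps from the configuration above. It is an added example, not part of the original post or of dnscrypt-proxy, and its function and variable names are its own.

```python
import base64
import struct

PROTOCOLS = {0x01: "DNSCrypt", 0x02: "DoH"}
PROPS = {1: "dnssec", 2: "no_logs", 4: "no_filter"}
# Stamps copied from the configuration above; all names in this example are its own.
STAMPS = {
    "CloudflareIPv4": "sdns://AgcAAAAAAAAABzEuMC4wLjEg63Ul-I8NlFj4GplQGb_TTLiczclX57DvMV8Q-JdjgRgSZG5zLmNsb3VkZmxhcmUuY29tCi9kbnMtcXVlcnk",
    "google": "sdns://AgUAAAAAAAAAACDyXGrcc5eNecJ8nomJCJ-q6eCLTEn6bHic0hWGUwYQaA5kbnMuZ29vZ2xlLmNvbQ0vZXhwZXJpbWVudGFs",
    "cisco": "sdns://AQAAAAAAAAAAD1syNjIwOjA6Y2NjOjoyXSC3NRFAIG8iXT4r2CLX_WkeocM8yNZmjQy-BL-rykP7eRsyLmRuc2NyeXB0LWNlcnQub3BlbmRucy5jb20",
}

def _field(buf, pos, vlp=False):
    """Read one length-prefixed field; return (value, next_pos, more_follow)."""
    if pos >= len(buf):
        raise ValueError("truncated stamp")
    n, more = buf[pos], False
    if vlp:  # in a set of values, the high bit of the length means "another item follows"
        n, more = n & 0x7F, bool(n & 0x80)
    if pos + 1 + n > len(buf):
        raise ValueError("truncated stamp")
    return buf[pos + 1:pos + 1 + n], pos + 1 + n, more

def decode_stamp(stamp):
    """Decode a DNSCrypt (0x01) or DoH (0x02) stamp into a dict of its fields."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))  # stamps omit padding
    if len(raw) < 9 or raw[0] not in PROTOCOLS:
        raise ValueError("unsupported or truncated stamp")
    (props,) = struct.unpack_from("<Q", raw, 1)  # 8-byte little-endian property flags
    out = {"protocol": PROTOCOLS[raw[0]],
           "props": sorted(name for bit, name in PROPS.items() if props & bit)}
    addr, pos, _ = _field(raw, 9)
    out["address"] = addr.decode()
    if raw[0] == 0x01:  # DNSCrypt: provider public key, then provider name
        pk, pos, _ = _field(raw, pos)
        name, pos, _ = _field(raw, pos)
        out.update(public_key=pk.hex(), provider=name.decode())
    else:  # DoH: set of certificate hashes, then hostname and path
        hashes, more = [], True
        while more:
            h, pos, more = _field(raw, pos, vlp=True)
            hashes.append(h.hex())
        host, pos, _ = _field(raw, pos)
        path, pos, _ = _field(raw, pos)
        out.update(cert_hashes=hashes, hostname=host.decode(), path=path.decode())
    return out
```

Calling decode_stamp(STAMPS["cisco"]) returns the protocol, address, provider name and public key, which can be compared against what the resolver operator publishes.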

When 2.0.10 was released, I downloaded the ARM version for my router, made a new copy of the configuration file, and changed dnscrypt-proxy.toml to the following:

listen_addresses = ['0.0.0.0:53']
log_file = '/var/log/dnscrypt-proxy.log'
[query_log]
file = '/var/log/dnscrypt-proxy-query.log'

Subsequently, I uploaded the configuration file and the executable to the router's /usr/sbin directory, and updated the router's DHCP to set the DNS servers pointing to my router, so that machines on my network use encrypted DNS. As the script used by dnscrypt-proxy doesn't work on my router, I've created a new script that works, and uploaded the project to my GitHub.

Now, DNS queries on any machine in my network use dnscrypt-proxy to encrypt my DNS queries. My ISP can't see my DNS queries any more!

 

Published Thu, 19 Apr 2018 @ 11:15 AM by chuacw