How to Encrypt DNS Traffic in Ubuntu Using DNSCrypt

Almost every Internet user makes hundreds of DNS (Domain Name System) calls every day, and you probably are not aware that your DNS queries are sent in plain text. What this means is that people managing your DNS server (mostly provided by your ISP) can see where you are heading to on the Internet.

Even if you are using VPN services to secure your Internet connection, most VPN services won’t encrypt your DNS traffic. Moreover, these plain text DNS queries are prone to attacks like man-in-the-middle-attacks, DNS hijacking, etc. If you are really concerned, you can now encrypt DNS traffic in Ubuntu using DNSCrypt.

DNSCrypt is an open source project by OpenDNS which encrypts all the DNS communications in SSL wrapper. To install DNSCrypt in your Ubuntu machine, open the terminal and run the following commands to install DNSCrypt.

sudo add-apt-repository ppa:shnatsel/dnscrypt
sudo apt-get update
sudo apt-get install dnscrypt-proxy

Once installed, open the network manager by clicking on the “Network icon” and then selecting the “Edit connections” option from the context menu.

install-dnscrypt-in-ubuntu-edit-connections

The above action will open the “Network connections” window. Select your network connection and click on the “Edit” button to open an additional options window.

install-dnscrypt-in-ubuntu-click-edit

Switch to the “IPv4 settings” tab. Now,┬áif you are using the method as “Automatic DHCP,” change it to “Automatic DHCP addresses only” and enter the DNS IP address 127.0.0.2. Hit the “Save” button to save the changes.

install-dnscrypt-in-ubuntu-enter-dns-address

Note: If you are using the method as “Manual”, then there is no need to change the method. Just enter the DNS address and hit the “Save” button. Also, there should only be one DNS address, i.e. the DNS address shared above.

Once you are done saving the changes, restart your network connection or restart your Ubuntu machine. From this point forward, all your DNS communications are encrypted and all your DNS requests are authenticated using DNSCrypt protocol.

That’s all there is to do, and do comment below to share your thoughts on DNSCrypt or if you face any problems while installing or configuring DNSCrypt in your Ubuntu machine.