Numerous
online scams and cyber crime cases are forcing you to encrypt web traffic to avail optimal online
security. Since virtual attacks can result in data, financial, and personal
information loss, securing
DNS servers are becoming highly important for every Internet user. DNSCrypt, a latest service by
OpenDNS, is a protocol that is specially developed for securing web traffic
between a client PC and a DNS server. Installing the special security tools can
help you prevent various DNS
attacks including spying, spoofing or man-in-the-middle attacks. Out of
all the leading computer operating systems, Ubuntu is one of the more secured
and protected OS platform.
You
can install dnscrypt-proxy
on Linux OS to use your Ubuntu system as a local resolver or as a DNS
forwarder. The installation of the tool will help the servers to authenticate
requests and pass them to an upstream server. If you are looking for a complete
guide that contains information about the tool and its installation, then read
this blog to secure DNS
servers.
How Can Encrypting DNS Traffic Help?
There
are plenty of security packages available for Ubuntu 14.04 or 14.10 and all of
them generally use 127.0.0.2 as the local IP address. The pre-defined local IP
address ensures that the utility should not interfere with Ubuntu's default
setup. It is one of the tools that encrypt web traffic and offers outstanding security by using a
dedicated system user approach for every package. Some tech experts also state
that using US based OpenDNS resolver to secure DNS servers can be highly dangerous because
it records all the online activities of the user. Additionally, several
vulnerabilities in the tool may also hijack the browser’s homepage and
redirects URLs to its own malicious servers.
Steps to Install DNSCrypt in Ubuntu via PPA Package
1.
Install dnscrypt-proxy in Ubuntu by using the following commands:
“sudo add-apt-repository
ppa:anton+/dnscrypt
sudo apt-get update
sudo apt-get install dnscrypt-proxy”
2.
After installing the tool, set your DNS
server’s network connection to
‘127.0.0.2’
3.
Go to ‘Network Manager’ indicator and select
‘Edit Connections’ option
4.
Now, select the desired connection and click
‘Edit’ option
5.
Look out for the ‘IPv4 Settings’ tab and enter
‘127.0.0.2,’ under ‘DNS servers’ section and then click ‘Save,’ after selecting
the ‘Manual’ method
6.
You can also select ‘Automatic (DHCP)’
method, select ‘Automatic (DHCP)
addresses only’ option, enter ‘127.0.0.2,’ under ‘DNS servers’ section and then
click ‘Save’
7.
Restart your network connection by selecting
Network indicator > Enable Networking twice to disable > and then
re-enable it
8.
Check that the ‘127.0.0.2’ DNS is actually in
use by visiting Network indicator > Connection Information.
How to Confirm That the ‘dnscrypt-proxy’ is Working?
Since
the dnscrypt-proxy
packages don't use actual OpenDNS codes, a user will not be able to confirm that
the DNS servers are using "dig txt debug.opendns.com" command.
Additionally, machines running ‘dnscrypt-proxy’ tool cannot visit OpenDNS' test pages to perform a
DNS check. However, you can visit www.dnsleaktest.com and run a DNS check to
confirm the operations of the ‘dnscrypt-proxy’
package resolver.
Additionally,
you can also run the “sudo tcpdump -i NETWORK-INTERFACE dst host
176.56.237.171” command to check that the ‘dnscrypt-proxy’ is working. After running the
command, visit a website in your web browser, and the command output will
appear like this:
Conclusion
Always
remember that the tweaks mentioned above will only function on systems running
on Ubuntu 14.10, 14.04 and 12.04. Although securing DNS connections are quite difficult, but
every user should encrypt
web traffic to ensure complete safety of data, files, and other online
stuff. Preventing virtual attacks is quite challenging as the malware authors
are coming up with smart programs to snoop into your network connections. If
you think that your device and online accounts carries some sensitive files and
documents, then install the tool right now to enjoy secure DNS access.