OS diaries

how to encrypt DNS (valid for any distro)

wget https://github.com/DNSCrypt/dnscrypt-proxy/releases/download/2.1.2/dnscrypt-proxy-linux_x86_64-2.1.2.tar.gz">https://github.com/DNSCrypt/dnscrypt-proxy/releases/download/2.1.2/dnscrypt-proxy-linux_x86_64-2.1.2.tar.gz

tar -xvf dnscrypt-proxy-linux_x86_64–2.1.2.tar.gz

cd linux-86_64

su root

ss -lp “sport = :domain”

if you see some process (systemd distros)

systemctl stop systemd-resolved

systemctl disable systemd-resolved

cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml

./dnscrypt-proxy

cp /etc/resolv.conf /etc/resolv.conf.backup

nano /etc/resolv.conf

delete everything and add

nameserver=127.0.0.1
options edns0

make inmutable

chattr -f +i /etc/resolv.conf

./dnscrypt-proxy&

with systemd you can install as a service too

./dnscrypt-proxy -service install

./dnscrypt-proxy -service start

check dnsleaktest.com