DNS over HTTPS with DNSCrypt

Adding a layer of privacy by configuring DNS over HTTPS with dnscrypt-proxy on Debian

DNS over HTTPS

Requirements

  • dnscrypt-proxy
  • network configuration (DNS Resolver)

Summary DNSCRYPT-PROXY

# Install dnscrypt-proxy
apt install -y dnscrypt-proxy  

# Configure dnscrypt-proxy
/etc/dnscrypt-proxy/dnscrypt-proxy.toml

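# Opt. A - DNS nameservers (/etc/network/interfaces)
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 172.0.2.1

# Opt. B - DNS resolution configuration (/etc/resolv.conf)
nameserver 172.0.2.1
# Re-apply at boot: add the @reboot line to root's crontab
crontab -e
@reboot echo "nameserver 172.0.2.1" > /etc/resolv.conf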

Network Configuration

There are two options: add the DNS configuration to the interfaces file, or write it directly into resolv.conf. The former is more consistent than the latter, as it leaves the resolv.conf file to the NetworkManager service, which will base its configuration on the /etc/network/interfaces file. In both cases the nameserver address must be the one dnscrypt-proxy is listening on, which the netstat check under Troubleshooting shows.

However, if the host moves to a network other than the one defined in the interfaces file, the DNS server is set according to the new network, which leads to DNS leakage outside the DNS over HTTPS setup.

Opt. A - /etc/network/interfaces

iface eth0 inet static
    address 192.168.1.100  
    netmask 255.255.255.0  
    gateway 192.168.1.1  
    dns-nameservers 172.0.2.1

Opt.B - /etc/resolv.conf

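# Write the resolver now (as root)
echo "nameserver 172.0.2.1" > /etc/resolv.conf
# Re-apply it at every boot: run crontab -e as root and add the @reboot line
crontab -e
@reboot echo "nameserver 172.0.2.1" > /etc/resolv.conf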
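
The leak described above (a network change writing another resolver into resolv.conf) can be checked for with a small script. This is an added example, not part of the original page: the function names are hypothetical, 192.168.43.1 is a constructed sample value, and the expected address defaults to the 172.0.2.1 used on this page.

```shell
#!/bin/sh
# Added example: detect resolv.conf entries that bypass dnscrypt-proxy.
# EXPECTED is the address dnscrypt-proxy listens on (assumption: the
# 172.0.2.1 used on this page; override it if your listener differs).
EXPECTED="${EXPECTED:-172.0.2.1}"

# Print every active nameserver in file $1 that is not address $2.
# Commented-out lines are skipped because their first field is not "nameserver".
leaking_nameservers() {
    awk -v want="$2" '$1 == "nameserver" && $2 != want { print $2 }' "$1"
}

# Return 0 if the file names only the expected resolver,
# 1 if any other resolver is present (leak), 2 if no nameserver is set.
check_resolv() {
    file="$1"; want="${2:-$EXPECTED}"
    count=$(awk '$1 == "nameserver" { n++ } END { print n + 0 }' "$file")
    [ "$count" -gt 0 ] || { echo "no nameserver in $file"; return 2; }
    leaks=$(leaking_nameservers "$file" "$want")
    if [ -n "$leaks" ]; then
        echo "DNS leak: $file also uses: $(echo "$leaks" | tr '\n' ' ')"
        return 1
    fi
    echo "ok: $file uses only $want"
}

# Constructed sample: resolv.conf after a different network added its resolver.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from a real host
nameserver 172.0.2.1
nameserver 192.168.43.1
EOF
check_resolv "$sample" || true
rm -f "$sample"
```

On a live host, run `check_resolv /etc/resolv.conf` after every network change; a non-zero exit status means queries can leave the host outside dnscrypt-proxy.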

Troubleshooting

  • Check service status: service dnscrypt-proxy status
  • Check listening port and IP: netstat -tulnp | grep 53
  • Restart network services: service networking restart
  • Check connectivity: ping 8.8.8.8
    nslookup google.com

References

For more details, refer to the dnscrypt-proxy documentation and explore DNS over HTTPS examples.