It is important to encrypt your DNS traffic, that is, the queries from your computer to a DNS server. My resolv.conf contains:
nameserver 8.8.8.8
nameserver 203.111.231.106
I went ahead and installed the dnscrypt-proxy package from the official repository. To list the files that belong to dnscrypt-proxy, type this in the terminal:
$ sudo pacman -Ql dnscrypt-proxy
The config file is /etc/dnscrypt-proxy.conf. It is explicit and essentially looks like this:
ResolverName random
You can change "random" to a specific resolver name from /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv. I recommend this because I encounter an "unable to read" error in the logs when I try it the "random" way. NetworkManager will try to modify /etc/resolv.conf, so after editing it, use chattr +i "path-to-file" to make the file immutable (read-only, even for root). Modify the file to:
nameserver 127.0.0.1
Use dig to check the status of your DNS server. The @ tells dig which server to query; without it, 127.0.0.1 is treated as a name to look up.
$ dig @127.0.0.1 google.com
Enable and start the dnscrypt-proxy service in systemd.
Check the logs in Arch with:
$ sudo journalctl | grep dnscrypt-proxy
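As an added example (not part of the original post), this shell sketch checks the two things the steps above depend on: that resolv.conf lists only loopback resolvers, and that the file carries the immutable flag so NetworkManager cannot put a plaintext resolver back. The function names are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit resolv.conf after pointing it at dnscrypt-proxy.
# Function names are hypothetical; they are not part of dnscrypt-proxy.

# Print every nameserver in file $1 that is not a loopback address.
leaking_nameservers() {
    awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$1"
}

# Succeed only if the file lists at least one nameserver and all are loopback.
resolv_is_local_only() {
    count=$(awk '$1 == "nameserver" { n++ } END { print n + 0 }' "$1")
    [ "$count" -gt 0 ] && [ -z "$(leaking_nameservers "$1")" ]
}

# Succeed if lsattr shows the immutable flag that chattr +i sets.
is_immutable() {
    attrs=$(lsattr -d "$1" 2>/dev/null | awk '{ print $1 }')
    case "$attrs" in *i*) return 0 ;; *) return 1 ;; esac
}

# Run both checks on $1 (default /etc/resolv.conf); non-zero if either fails.
audit_resolv() {
    file=${1:-/etc/resolv.conf}
    rc=0
    if resolv_is_local_only "$file"; then
        echo "OK: $file lists only loopback resolvers"
    else
        echo "LEAK: $file still points at: $(leaking_nameservers "$file" | tr '\n' ' ')"
        rc=1
    fi
    if is_immutable "$file"; then
        echo "OK: $file is immutable"
    else
        echo "WARN: $file is not immutable and can be rewritten"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: the resolv.conf from the post, before and after the change.
sample=$(mktemp)
printf 'nameserver 8.8.8.8\nnameserver 203.111.231.106\n' > "$sample"
echo "before: $(leaking_nameservers "$sample" | tr '\n' ' ')"
printf 'nameserver 127.0.0.1\n' > "$sample"
resolv_is_local_only "$sample" && echo "after: loopback only"
rm -f "$sample"
```

Call audit_resolv with no argument to check the live /etc/resolv.conf, for example after reconnecting to a network.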