We’ve been touting the benefits of
third-party DNS servers for a while now, but one additional benefit that might
be of interest is the ability to encrypt all of your DNS requests, further
protecting you from anybody spying on you in the middle.
DNSCrypt,
from the great team at OpenDNS, is the simple solution that we’ll use to add
encryption between your computer and the DNS server. It’s a lightweight
solution that works on either Windows or Mac — sadly no mobile support so far.
What this tool is actually doing is
creating an encrypted connection to any of the supported DNS servers, and then
creating a local DNS proxy on your PC. So when you try to open howtogeek.com,
your browser will send a regular DNS query to the 127.0.0.1 localhost address
on port 53, and that request will then be forwarded through the encrypted
connection to the DNS server.
Downloading
for Windows
As with every program you use, you
will need to start by downloading the
installation package. Once you are on the page, simply
click the “dnscrypt-proxy-win32-full-1.4.3.zip” link to download the files
needed. If you see a newer version on the page, be sure to use that instead.
Now, let’s create a folder on the
desktop called DNSCrypt. You can create this folder anywhere you want to, but
the desktop is easiest for the purposes of this demonstration. Extract all the
files by opening the zip file and dragging them into the DNSCrypt folder or by
right-clicking and specifying the desktop folder as the extract destination.
Installing
and Preparing your PC
Now you will need to open an
elevated command prompt window by searching for “cmd”, right-clicking, and
choosing “Run as Administrator”. Once you have your Elevated CMD window
open, enter the following string. Remember that you will need to enter the path
that corresponds with your “bin” folder.
cd
“C:\Users\Vikas\Desktop\DNSCrypt\bin”
This command will tell command
prompt to look in the “bin” folder where the EXE and CSV files are located.
Install
the Proxy Service
Next, you will need to install the
proxy service from DNSCrypt. Use the string below. You will can change the
“opendns” section with a name from the CSV file, or you can update your
CSV file by adding any of the public DNS resolvers that currently support DNSCrypt. You will also need to change the file path to
correspond with the location of the csv file on your computer.
dnscrypt-proxy.exe
--resolver-name=opendns
--resolvers-list="C:\Users\Vikas\Desktop\DNSCrypt\bin\dnscrypt-resolvers.csv"
--test=0
If your CMD window looks like the
image above, you are on the right path and the proxy service has been
successfully tested. If this doesn’t work, simply change the DNS resolver till
you get one that works. Once it is successful, you can continue to install the
proxy service by pressing the “Up” button and changing the “–test=0” to
“–install” as shown below.
dnscrypt-proxy.exe
--resolver-name=opendns
--resolvers-list="C:\Users\Vikas\Desktop\DNSCrypt\bin\dnscrypt-resolvers.csv"
--install
Once it is successfully installed,
you will see the following:
[INFO]
The dnscrypt-proxy service has been installed and started
[INFO]
The registry key used for this service is
SYSTEM\CurrentControlSet\Services\dnscrypt-proxy\Parameters
[INFO]
Now, change your resolver settings to 127.0.0.1:53
Change
your DNS Settings
Now you will need to change your DNS
settings. Right-click on the network icon on the bottom right of your screen
then click on “Open Network and Sharing Center.” It will be the 5 bars for
a wireless connection or a small computer screen for wired connections. Once it
is open, click on “Change adapter settings.”
Right-click on the network
connection that you want to edit and then select the “Properties” option.
Select the TCP/IPv4 settings and
then click on “Properties.”
Change the Preferred DNS server to
“127.0.0.1” then click “OK”.
Now open the TCP/IPv6 settings and
change the DNS settings to “::1”
Now, you have a completely secure
and encrypted DNS connection set up. Have fun browsing the internet securely.
Now that you have an encrypted DNS connection,
No comments:
Post a Comment