Update Dec 11 2013: Previous1 has added the steps to compile DNSCrypt yourself and get it working, see this topic: http://forums.linuxmint.com/viewtopic.php?f=42&t=152600. Please follow that tutorial instead, as the below no longer works.
Update Feb 8 2013: As noted by tommyb. in the comments, the DNSCrypt .deb file downloads are no longer available. This makes this tutorial currently not usable.
Easy installation using your package manager is therefor no longer possible, as was detailed below. You'll need to download the source code from http://dnscrypt.org/, and follow the instructions there on how to compile DNSCrypt yourself. Possibly the below information, about disabling NetworkManager's dnsmasq instance and starting your own DNSCrypt and dnsmasq, may still be useful with that.
I haven't delved into this yet, so if anybody has I welcome feedback on needed changes to the tutorial.
----------------------------------------------------------------------------------------------------------------------------------------------------------------
This tutorial describes how to install and set up DNSCrypt (dnscrypt-proxy with dnsmasq). In a nutshell, it sets up a local DNS forwarder on your computer that encrypts all DNS traffic between your computer and your DNS resolver, which will be OpenDNS instead of your ISP. DNSCrypt and OpenDNS intend to keep you more safe online.
Following are some links for more information about DNSCrypt and OpenDNS:
https://blog.opendns.com/2011/12/06/
https://www.opendns.com/
This tutorial has been succesfully tested on:
- Linux Mint 11 GNOME
- Linux Mint 12 KDE
- Linux Mint 13 MATE
- Linux Mint 13 Cinnamon
- Linux Mint 13 Xfce
1. Download and install dnscrypt-proxy
Visit https://github.com/opendns/dnscrypt-proxy/downloads and download the .deb file for your architecture (i386 for 32 bit, amd64 for 64 bit). Double-click the downloaded .deb file to start the installer, or right-click the file and choose "Open With GDebi Package Installer". Click "Install Package" and complete the installation.
Also download the following attached archive file config.tar.bz2, with the needed configuration files. Extract it and open a terminal on the directory where you extracted the configuration files before you continue (in your file browser, open the File menu and select "Open in Terminal"). Run the commands in the tutorial from this terminal.
2. Stop Network Manager
Open a terminal and run the following command:
Code: Select all
sudo stop network-manager
You must skip this step if you are using Linux Mint 11 or 12.
Edit the configuration file:
Code: Select all
sudo nano /etc/NetworkManager/NetworkManager.conf
Code: Select all
dns=dnsmasq
Code: Select all
#dns=dnsmasq
4-7. Create Upstart jobs and copy configuration files
Run the following commands:
Code: Select all
sudo cp init/dnscrypt-proxy.conf /etc/init/
sudo ln -s /lib/init/upstart-job /etc/init.d/dnscrypt-proxy
sudo cp init/dnsmasq.conf /etc/init/
sudo ln -s /lib/init/upstart-job /etc/init.d/dnsmasq
sudo cp dnsmasq.conf /etc/
sudo cp init/ntpdate-dnsmasq.conf /etc/init/
sudo ln -s /lib/init/upstart-job /etc/init.d/ntpdate-dnsmasq
Code: Select all
exec /usr/sbin/dnscrypt-proxy --local-address=127.0.0.2
Code: Select all
exec /usr/sbin/dnscrypt-proxy --local-address=127.0.0.2 --resolver-address=208.67.222.123
You can skip this step unless you are doing this on a Live session.
Run the following command:
Code: Select all
sudo initctl reload-configuration
Start dnscrypt-proxy, which will automatically also start dnsmasq (and ntpdate):
Code: Select all
sudo start dnscrypt-proxy
Code: Select all
sudo start network-manager
Open Network Connections from the menu. On the Wired or Wireless tab highlight your active Internet connection. Click "Edit". On the IPv4 Settings tab, set Method to "Automatic (DHCP) addresses only" and set DNS servers to "127.0.0.1". Click "Save". Click "Close".
11. Final test
Visit http://www.opendns.com/welcome to test your connection. You should be welcomed to OpenDNS.
----------------------------------------------------------------------------------------------------------------------------------------------------------------
Uninstalling
If you decide you want to remove DNSCrypt, you can revert all changes made with the following steps.
Stop the services and remove all added files
Run the following commands:
Code: Select all
sudo stop network-manager
sudo stop dnscrypt-proxy
sudo rm /etc/init/ntpdate-dnsmasq.conf
sudo rm /etc/init.d/ntpdate-dnsmasq
sudo rm /etc/dnsmasq.conf
sudo rm /etc/init/dnsmasq.conf
sudo rm /etc/init.d/dnsmasq
sudo rm /etc/init/dnscrypt-proxy.conf
sudo rm /etc/init.d/dnscrypt-proxy
sudo initctl reload-configuration
sudo apt-get --purge autoremove dnscrypt-proxy
You must skip this step if you are using Linux Mint 11 or 12.
Edit the configuration file:
Code: Select all
sudo nano /etc/NetworkManager/NetworkManager.conf
Code: Select all
#dns=dnsmasq
Code: Select all
dns=dnsmasq
Start the services
Start Network Manager:
Code: Select all
sudo start network-manager
Open Network Connections from the menu. On the Wired or Wireless tab highlight your active Internet connection. Click "Edit". On the IPv4 Settings tab, set Method to "Automatic (DHCP)". Click "Save". Click "Close".