Following this article in ArchWiki, I have tried to set up dnscrypt-proxy . Now I would like to verify that it is working as intended. How can I do this?
systemctl status dnscrypt.service outputs:
dnscrypt-proxy.service - DNSCrypt-proxy client
Loaded: loaded (/usr/lib/systemd/system/dnscrypt-proxy.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2020-09-04 11:55:17 CEST; 13s ago
Docs: https://github.com/jedisct1/dnscrypt-proxy/wiki
Main PID: 303867 (dnscrypt-proxy)
Tasks: 13 (limit: 19068)
Memory: 18.6M
CGroup: /system.slice/dnscrypt-proxy.service
└─303867 /usr/bin/dnscrypt-proxy --config /etc/dnscrypt-proxy/dnscrypt-proxy.toml
sep 04 11:55:17 eos dnscrypt-proxy[303867]: [2020-09-04 11:55:17] [NOTICE] Now listening to 127.0.0.1:53 [UDP]
sep 04 11:55:17 eos dnscrypt-proxy[303867]: [2020-09-04 11:55:17] [NOTICE] Now listening to 127.0.0.1:53 [TCP]
sep 04 11:55:17 eos dnscrypt-proxy[303867]: [2020-09-04 11:55:17] [NOTICE] Now listening to [::1]:53 [UDP]
sep 04 11:55:17 eos dnscrypt-proxy[303867]: [2020-09-04 11:55:17] [NOTICE] Now listening to [::1]:53 [TCP]
sep 04 11:55:17 eos dnscrypt-proxy[303867]: [2020-09-04 11:55:17] [NOTICE] Source [relays] loaded
sep 04 11:55:17 eos dnscrypt-proxy[303867]: [2020-09-04 11:55:17] [NOTICE] Source [public-resolvers] loaded
sep 04 11:55:17 eos dnscrypt-proxy[303867]: [2020-09-04 11:55:17] [NOTICE] Firefox workaround initialized
sep 04 11:55:18 eos dnscrypt-proxy[303867]: [2020-09-04 11:55:18] [NOTICE] [cloudflare] OK (DoH) - rtt: 67ms
sep 04 11:55:18 eos dnscrypt-proxy[303867]: [2020-09-04 11:55:18] [NOTICE] Server with the lowest initial latency: cloudf>
sep 04 11:55:18 eos dnscrypt-proxy[303867]: [2020-09-04 11:55:18] [NOTICE] dnscrypt-proxy is ready - live servers: 1
Yeah NetworkManager is a beast, has tons of options. Same as for DNS resolving methods. I found it to be quite hard to understand how they interact.
By the way, now that you have dnscrypt-proxy, you can add an “ad-blocker” list to it. It works in a similar way to an /etc/hosts file.
It’s in the config file under “pattern-based blocklist”, you just to have to add your existing list to it.
Thanks @anon31687413 for all the suggestions and help! This is a new area for me so I will need to do some homework. The possibility to add an “ad-blocker” list is great. I’ll certainly look into it. But will this eliminate the need of ad-blocker addons for the browser?
I use uBlock Origin, and lately I have added uMatrix as well. With the latter I am making small progresses everyday and sometimes I have to switch it off to make some things work on some sites. But that is mostly because I am still learning how it works. uBlock is much more straight forward.
Thanks! You too! I may very well come back to this thread if I have some more questions, until then I wish you and @csteinforth a nice weekend. Thanks again to you both for helping out!
I checked with ipleak.net and it seems to be working.
With server_names = ['Cloudflare'] I get only one IP address for DNS server belonging to Cloudflare. However when I comment out the server_names line, dnscrypt-proxy uses the servers specified in a remote list.
servers from remote list
#########################
Servers
#########################
Remote lists of available servers
Multiple sources can be used simultaneously, but every source
requires a dedicated cache file.
Refer to the documentation for URLs of public sources.
A prefix can be prepended to server names in order to
avoid collisions if different sources share the same for
different servers. In that case, names listed in server_names
must include the prefixes.
If the urls property is missing, cache files and valid signatures
must already be present. This doesn’t prevent these cache files from
Checking again with iplek.net, I get 13 IP adresses for DNS servers from almost all over the world. I believe this is the same as mentioned above by @csteinforth. Is this ok?
By the way, is Cloudflare ok to use as DNS server? Do you have some recommendation on “privacy respecting” servers? Or I could just trust the ones from the remote file?