If your ISP is filtering Internet access based on domain names (e.g. as in this polish draft bill which introduces illegal pages register in article 15f) using DNSCrypt might be a way to make it impossible for them to snoop or tamper with internet addresses you are resolving.
DNSCrypt Poland provides free, non-logged and uncensored DNS encryption to anyone willing to use it. It is located in a Beyond Data Center in E24Cloud in Poznań.
When you visit any website, even if it’s an encrypted connection, your computer has to ask for an IP address corresponding to the web address. That query for the IP address is not encrypted and it allows any eavesdropping party to know what you’re visiting. That’s really powerful, because if someone knows you’re visiting a suicide hotline, they don’t really need to see the contents to infer what’s going on with you.
When you’re using DNSCrypt, all these name queries are impossible to see, therefore ensuring the privacy by preventing eavesdropping.
DNSCrypt was concieved by OpenDNS and while they run a very good service, you should have the ability to choose alternative providers. One advantage over OpenDNS is that if a domain doesn’t exist, we’ll tell you so by returning NXDOMAIN; OpenDNS returns valid A records which redirect browsers to their landing page. A feature, yes, but not exactly protocol compliant and “may break things”TM.
To use DNSCrypt you need to install a program that works as a local proxy service. This service connects securely to the DNSCrypt enabled DNS server of your choice and then provides a local port on your computer, the OS can use to make DNS requests on.
There are many DNSCrypt servers around the world. DNSCrypt Poland is in network geography best for Polish users.
Debian, Ubuntu, Fedora, CentOS, Arch
If you are using any of the above you can use Simon Clausen’s “dnscrypt-autoinstall“. It will automatically install dependencies, DNSCrypt, setup your system to use the proxy and make it easy for you to choose which DNSCrypt service to use.
Also note: To make use DNSCrypt Poland you have to uncomment the 2 lines in /etc/config/dnscrypt-proxy and set resolver to ‘soltysiak’ (use this name for now as this is just a legacy name that I had before renaming to DNSCrypt Poland):
# option resolver 'soltysiak'
# option resolvers_list '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'
Use Simon Clausen’s very nice DNSCrypt Windows Service Manager to setup DNSCrypt with ease. My mom uses this.
Please see the documentation at dnscrypt.org for more installation and usage instructions.
This page is served via HTTPS to increase the difficulty of a malicious corruption of service details on delivery.
The validity of the details above can be double checked using DNSSEC: look up resolverX.dnscrypt.pl (A) to get the IP, pubkey.resolverX.dnscrypt.pl (TXT) to get the public key and 2.dnscrypt-cert.resolverX.dnscrypt.pl (TXT) for the provider cert. (Replace “X” with the number of the resolver in question)
When everything is set up you should go to dnsleaktest.com or a similar site to make sure that your DNS lookups are going through dnscrypt.pl.
DNSCrypt Poland is operated by me, Maciej Soltysiak. I am a RHEL-certified Poznan-based IT Professional working in a highly controlled, corporate environment. I have a great interest in privacy, security and modern cryptography solutions; that is why I am providing this service.
Resolver #1 is hosted in Poznan with E24Cloud. (disclaimer: this is an affiliate link, if I ever get any money out of this, I put it straight to funding the hosting)
I do not log any information that identifies the individual user. I do log some information in unbound for statistical purposes, but this info does not contain IP addresses of individual users and it is not possible to link queries to users.
Being completely free, this service is provided without any warranty and I renounce liability for any claim, damages or other liability arising from the use of this service.
Keep an eye out on this blog and the official twitter account @dnscryptpl and my own @maciejsoltysiak for more info. Have a look below on how to receive important updates and service status announcements.
Please follow/see @dnscryptpl on Twitter for service announcements and other things relevant to the service.
Please visit the support page to see how you can help maintain this service or simply say thanks.