What is DNSCrypt?
DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with.
More information at https://dnscrypt.org/
Features of RandomDNS
Randomize the provider at runtime
Use (-E)phemeral keys option
Securely run DNSCrypt proxy by verifying its hash, copying it to the /tmp directory with restricted permissions and launching it as the “nobody” user (if reverse proxy is enabled)
Watch the proxy process and relaunch it if it dies
Can run multiple instances of DNSCrypt and load balance the traffic (EdgeDNS)
Have in-memory caching of DNS requests along with Consistent Hashing (EdgeDNS)
Can filter the server list by protocols, country and much more
Rotate the server at a defined interval (default: 10 minutes)
Support DNSSEC (EdgeDNS)
How to use it
Update Brew: brew update && brew upgrade
Install DNSCrypt + Node + NPM: brew install dnscrypt-proxy node npm
Download and run RandomDNS: npm install -g randomdns && sudo DEBUG=* randomdns
Set your DNS settings to 127.0.0.1
The post RandomDNS: makes DNS secure appeared first on Penetration Testing.