This is a quick intro with how to use lokinet with dnscrypt-proxy on ubuntu/debian based distros to secure your dns queries from spying eyes, as requested by someone on an XMPP muc.
You want to first install
# apt update # apt install dnscrypt-proxy
lokinet see this blog post on how to do that.
By default your system will want to use
dnscrypt-proxy as system resolver, this is fine as you can always forward dns for
.snode to lokinet.
/etc/dnscrypt-proxy/dnscrypt-proxy.toml you want to add an option to provide a fowarding file:
forwarding_rules = '/etc/dnscrypt-proxy/forwarding-rules.txt'
In a new file at
/etc/dnscrypt-proxy/forwarding-rules.txt'put the following forwarding rules:
loki 127.3.2.1 snode 127.3.2.1 0.10.in-addr.arpa 127.3.2.1
The first rule says to forward the
.loki gtld to lokinet dns (127.3.2.1)
The second rule says to forward the
.snode gtld to lokinet dns
The third rule is for reverse dns for
10.0.0.0/16 ip range so you can resolve the .loki address from the range owned by lokinet.
If you do not use
10.0.0.0/16 for lokinet's ephemeral IP range change the third rule to match the range you use.
Finally you want to set your primary dns resolver to use
127.3.2.1 that is lokinet dns)