I use DNSCrypt (and Dnsmasq as cache).
In Dnscrypt I can choose from a list of resolvers that offer encrypted DNS traffic, that otherwise is in plain text.
It is important that you check these providers because you need to trust them.
Usually it is a good idea to stay away from the "Five eyes" countries because they have a culture of surveillance that involves monitoring the internet traffic of their own populations and exchanging those data.
So OpenDNS from Cisco is out.
Here is the list of providers that you can choose from:
https://github.com/jedisct1/dnscrypt-pr ... olvers.csv
One of these needs to be put into the DNSCrypt config file which you will find in:
/usr/lib/systemd/system/dnscrypt-proxy.service
And here I finally get to the point:
After the latest update this file gets replaced with the new default one that does not have any resolver!
It used to have a default resolver so it could work right out of the box - dnscrypt.eu-nl - but not anymore.
Since they decided not to put any default resolver in there; they did also not make a routine to preserve your settings which means that your internet will be gone after the update.
So you will have to put it back in there like this:
Code: Select all
-R dnscrypt.eu-nl
(replace it with whatever resolver you choose).
This might be a "feature" - but it will cut you off from the internet.
You can check that your internet - in general - is still working with the Tor browser which will work regardless of your DNScrypt settings or by adding:
Code: Select all
nameserver 8.8.8.8
nameserver 8.8.4.4
in /etc/resolv.conf
This Bug manifested itself in Manjaro and probably Arch but it seems to be from upstream. Most Distros will probably take care of this for you ( but you should pick your own resolver - really!).
Just a heads up!
https://bugs.manjaro.org/index.php?do=details&task_id=8