Your ISP provides name to IP address resolution for any domain that is not resolvable within your local network. These unsecured requests can be spoofed by an attacker which could lead to a man-in-the-middle attack. Your ISP may also be able to monitor your traffic. Fortunately there is a simple solution to ensure data integrity while also protecting your privacy.
DNSCrypt encrypts and authenticates DNS traffic between your computer and a DNS resolver. This ensures the IP addresses being returned to you have not been manipulated while also maintaining data confidentiality. In the following example we are going to demonstrate how to install DNSCrypt on a system running Linux and then cache those requests using Dnsmasq.