Installation
You can't install DNSCrypt as such, because DNSCrypt is just a specification.
That specification has been implemented in software such as unbound, dnsdist, dnscrypt-wrapper and dnscrypt-proxy.
dnscrypt-proxy is a flexible DNS proxy. It runs on your computer or router, and can locally block unwanted content, reveal where your devices are silently sending data to, make applications feel faster by caching DNS responses, and improve security and confidentiality by communicating to upstream DNS servers over secure channels.
- Extract and adjust the configuration file dnscrypt-proxy.toml to your needs. In case you started fresh, ensure you back up your modified dnscrypt-proxy.toml file.
Note: You can choose a set of preferred servers in the dnscrypt-proxy.toml file.
Look for:
# server_names = ['scaleway-fr', 'google', 'yandex']
Change to the servers you would like to use and remove the leading #.
Example:
server_names = ['google', 'cisco-ipv6']
- Make sure that nothing else is already listening to port 53 on your system and run (in a console with elevated privileges on Windows) the dnscrypt-proxy application.
Change your DNS settings to the configured IP address and check that everything works as expected.
./dnscrypt-proxy -resolve example.com
should return one of the chosen DNS servers instead of your ISP's resolver.
- Register as a system service (see below).
With administrator privileges, type dnscrypt-proxy -service install to register dnscrypt-proxy as a system service, and dnscrypt-proxy -service start to start it.
If the file is in the current directory and not where other executable files are, use ./dnscrypt-proxy instead of just dnscrypt-proxy.
On Windows, this is not even required: you can just double-click on server-install.bat to install the service.
Done. It will automatically start at boot.
This setup procedure is compatible with Windows, Linux (systemd, Upstart, SysV), and macOS (launchd).
Other commands include stop, restart (useful after a configuration change) and uninstall.
Note that on Linux, kernel 2.6.23 or later is required.
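The first setup step above (choosing servers while keeping a backup of the configuration) can be scripted. This is an added example, not code from the dnscrypt-proxy project; the function name set_server_names and the .bak suffix are assumptions made for illustration.

```shell
# Set server_names in a dnscrypt-proxy.toml, keeping the previous file as <file>.bak.
# Usage: set_server_names /path/to/dnscrypt-proxy.toml google cisco-ipv6
set_server_names() {
    conf=$1; shift
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    [ "$#" -gt 0 ] || { echo "no server names given" >&2; return 1; }

    # Build the TOML array body: 'google', 'cisco-ipv6'
    list=
    for name in "$@"; do
        # Accept plain identifiers only, so a name cannot break the TOML syntax.
        case $name in
            ''|*[!A-Za-z0-9._-]*) echo "bad server name: $name" >&2; return 1 ;;
        esac
        list="${list:+$list, }'$name'"
    done

    # The setting must already be present, commented out or not.
    grep -Eq '^[[:space:]]*#?[[:space:]]*server_names[[:space:]]*=' "$conf" ||
        { echo "server_names not found in $conf" >&2; return 1; }

    # Back up first, then rewrite only the first server_names line,
    # dropping its leading '#'.
    cp -p "$conf" "$conf.bak" || return 1
    awk -v new="server_names = [$list]" '
        !seen && /^[ \t]*#?[ \t]*server_names[ \t]*=/ { print new; seen = 1; next }
        { print }
    ' "$conf.bak" > "$conf"
}
```

Restart the service afterwards so the new server list is loaded.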
Arch Linux has a package for v2 in its AUR repository:
- Install it with:
yaourt -S dnscrypt-proxy-go
- Activate & Start the service:
systemctl enable dnscrypt-proxy.service
systemctl start dnscrypt-proxy.service
- Check for a successful service start:
systemctl status dnscrypt-proxy.service
And look for the log lines
dnscrypt-proxy is ready - live servers:
dnscrypt-proxy is now listening on 127.0.0.1:53
Gentoo Linux has a package for v2 in its main repository:
- Install it with:
emerge dnscrypt-proxy -av
- Activate & Start the service:
  - With OpenRC
  rc-update add dnscrypt-proxy default
  rc-service dnscrypt-proxy start
  - With systemd
  sed -i 's|\['\''127\.0\.0\.1:53'\'', '\''\[::1\]:53'\''\]|\[\]|g' /etc/dnscrypt-proxy/dnscrypt-proxy.toml
  systemctl enable dnscrypt-proxy.service --now
- Check for a successful service start:
  - With OpenRC
  rc-service dnscrypt-proxy status
   * status: started
  - With systemd
  systemctl status dnscrypt-proxy.service
- Adjust your /etc/resolv.conf file to query dnscrypt-proxy:
nameserver 127.0.0.1
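Any other nameserver line left in /etc/resolv.conf lets the system resolver send queries past dnscrypt-proxy, so it is worth checking the file after editing it. The check below is an added example, not part of the dnscrypt-proxy project; the function name check_resolv_conf is an assumption, and it treats 127.0.0.1 and ::1 as the local proxy addresses.

```shell
# Report nameserver entries that do not point at the local proxy.
# Returns 0 only if at least one nameserver is listed and all are loopback,
# 1 if a non-local or no nameserver is found, 2 if the file is unreadable.
check_resolv_conf() {
    file=${1:-/etc/resolv.conf}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    awk '
        # Commented-out entries ("# nameserver ...") have "#" as first field
        # and are skipped by this comparison.
        $1 == "nameserver" {
            total++
            if ($2 == "127.0.0.1" || $2 == "::1") next
            printf "non-local resolver: %s (line %d)\n", $2, NR
            bad++
        }
        END {
            if (total == 0) { print "no nameserver entries"; exit 1 }
            exit (bad > 0)
        }
    ' "$file"
}
```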
Pi-hole has a documentation page on how to set up dnscrypt-proxy 2: https://github.com/pi-hole/pi-hole/wiki/DNSCrypt-2.0
The following command adds the required attributes to the dnscrypt-proxy file so that it can run as a non-root user:
sudo setcap cap_net_bind_service=+pe dnscrypt-proxy
Download the dnscrypt-proxy-macos-2.x.x.tar.gz
- Extract the tar.gz file; move it to a location you would like to put it in. You can also rename the folder.
Example: Put it in the home directory and rename the folder to Dnscrypt.
It will look like this for the Terminal: /Users/YourUserName/Dnscrypt
- Start dnscrypt-proxy and install it as a service by opening Terminal and typing:
sudo /Users/YourUserName/Dnscrypt/dnscrypt-proxy start
sudo /Users/YourUserName/Dnscrypt/dnscrypt-proxy -service install
sudo /Users/YourUserName/Dnscrypt/dnscrypt-proxy -service start
- Now open Network Preferences and change the DNS server under Advanced, on the DNS tab.
Change it to 127.0.0.1 or ::1.
Download the dnscrypt-proxy-linux_x86_64-2.x.x.tar.gz
- Extract the tar.gz file; move it to a location you would like to put it in. You can also rename the folder.
Example: Put it in the home directory and rename the folder to Dnscrypt.
It will look like this for the Terminal: /home/YourUserName/Dnscrypt
- Start dnscrypt-proxy and install it as a service by opening Terminal and typing:
sudo /home/YourUserName/Dnscrypt/dnscrypt-proxy start
sudo /home/YourUserName/Dnscrypt/dnscrypt-proxy -service install
sudo /home/YourUserName/Dnscrypt/dnscrypt-proxy -service start
- Now open Network Preferences and change the DNS server to 127.0.0.1. You also need to add it to /etc/network/interfaces with the Terminal.
Type:
sudoedit /etc/network/interfaces
Add dns-nameservers 127.0.0.1
It should look something like this:
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
dns-nameservers 127.0.0.1
Save it and reboot.