Page 1 of 1

DNScrypt-proxy 2 - a mini "How To"

Posted: Wed May 16, 2018 20:59
by Tedel

I'm placing this mini "How to" here in case it is useful for someone else. :)

First, install dnscrypt-proxy using:

Code: Select all

equo i dnscrypt-proxy
Then, edit /etc/dnscrypt-proxy/dnscrypt-proxy.toml so that:

a) Listen addresses is blank:

Code: Select all

listen_addresses = []
b) Fallback resolver can be found {the original may be blocked by some ISP, so you can alternatively use (Cloudflare), (Google) or your ISP IP address with :53 at the end}. Fallback resolvers are used to update the lists of DNScrypt servers, so make sure that it works (or you will suffer what I suffered!) :P

c) Your [sources] section is as you would like it to be. Check this list.

d) Your desired configuration for DNScrypt servers. In my caseā€¦

Code: Select all

# Server must support DNS security extensions (DNSSEC)
require_dnssec = true

# Server must not log user queries (declarative)
require_nolog = true

# Server must not enforce its own blacklist (for parental control, ads blocking...)
require_nofilter = true
Next step is to save that file and test with:

Code: Select all

dnscrypt-proxy -check
A correct check should show your [sources] loaded (or downloaded, for first time users).

If everything is ok, then you can enable the service so it can run on the next reboot or now (choose one):

systemctl enable dnscrypt-proxy OR systemctl enable dnscrypt-proxy.service --now

Check if it worked with systemctl status dnscrypt-proxy.

If it fails because it couldn't find any lists of sources, run dnscrypt-proxy -check again. If it complains that something "Failed to update dynamic user credentials", then make sure DynamicUser=yes is commented out on /etc/systemd/system/ file.

Everything ok? Good. Now the final step is to ask your computer to use DNScrypt instead of your ISP DNS servers. To do this:

1. Edit /etc/resolv.conf. Comment out the current DNS servers available there (as they are your ISP DNS servers), and add:

Code: Select all

2. Lock /etc/resolv.conf so it won't be overwritten on the next reboot with:

Code: Select all

chattr +i /etc/resolv.conf
You should be good to go. To confirm it is working properly, visit (or any other similar service). You should not see your ISP servers in the result page.

Reboot to double-check it stills uses DNScrypt instead of your ISP servers.

Re: DNScrypt-proxy 2 - a mini "How To"

Posted: Wed May 16, 2018 22:50
by sabayonino
Hi . Thank you

Sabayon has its own Wiki for this . All contributes are welcome