DNScrypt-proxy 2 - a mini "How To"

Discussions Regarding Software

Moderator: Moderators

Post Reply
Growing Hen
Posts: 115
Joined: Sun Mar 10, 2013 5:32
Location: Peru

DNScrypt-proxy 2 - a mini "How To"

Post by Tedel » Wed May 16, 2018 20:59


I'm placing this mini "How to" here in case it is useful for someone else. :)

First, install dnscrypt-proxy using:

Code: Select all

equo i dnscrypt-proxy
Then, edit /etc/dnscrypt-proxy/dnscrypt-proxy.toml so that:

a) Listen addresses is blank:

Code: Select all

listen_addresses = []
b) Fallback resolver can be found {the original may be blocked by some ISP, so you can alternatively use (Cloudflare), (Google) or your ISP IP address with :53 at the end}. Fallback resolvers are used to update the lists of DNScrypt servers, so make sure that it works (or you will suffer what I suffered!) :P

c) Your [sources] section is as you would like it to be. Check this list.

d) Your desired configuration for DNScrypt servers. In my case…

Code: Select all

# Server must support DNS security extensions (DNSSEC)
require_dnssec = true

# Server must not log user queries (declarative)
require_nolog = true

# Server must not enforce its own blacklist (for parental control, ads blocking...)
require_nofilter = true
Next step is to save that file and test with:

Code: Select all

dnscrypt-proxy -check
A correct check should show your [sources] loaded (or downloaded, for first time users).

If everything is ok, then you can enable the service so it can run on the next reboot or now (choose one):

systemctl enable dnscrypt-proxy OR systemctl enable dnscrypt-proxy.service --now

Check if it worked with systemctl status dnscrypt-proxy.

If it fails because it couldn't find any lists of sources, run dnscrypt-proxy -check again. If it complains that something "Failed to update dynamic user credentials", then make sure DynamicUser=yes is commented out on /etc/systemd/system/multi-user.target.wants/dnscrypt-proxy.service file.

Everything ok? Good. Now the final step is to ask your computer to use DNScrypt instead of your ISP DNS servers. To do this:

1. Edit /etc/resolv.conf. Comment out the current DNS servers available there (as they are your ISP DNS servers), and add:

Code: Select all

2. Lock /etc/resolv.conf so it won't be overwritten on the next reboot with:

Code: Select all

chattr +i /etc/resolv.conf
You should be good to go. To confirm it is working properly, visit dnsleaktest.com (or any other similar service). You should not see your ISP servers in the result page.

Reboot to double-check it stills uses DNScrypt instead of your ISP servers.

User avatar
Sagely Hen
Posts: 3539
Joined: Sun Sep 21, 2008 1:12
Location: Italy

Re: DNScrypt-proxy 2 - a mini "How To"

Post by sabayonino » Wed May 16, 2018 22:50

Hi . Thank you

Sabayon has its own Wiki for this . All contributes are welcome

Post Reply