DNSCRYPT: Encrypt your DNS queries
Question: What is dnscrypt-proxy?
dnscrypt-proxy is a local DNS resolver that encrypts DNS traffic using DNSCrypt or DNS-over-HTTPS (DoH). In case you do not know already, DNS queries are unencrypted by default, so snoopers can see which websites or services you are using. dnscrypt-proxy prevents this by encrypting your DNS queries before sending them out to a public resolver.
Debian / Ubuntu
[user@computer ~]$ sudo apt update
[user@computer ~]$ sudo apt upgrade
[user@computer ~]$ sudo apt install dnscrypt-proxy
Arch Linux
[user@computer ~]$ sudo pacman -Sy dnscrypt-proxy
Void Linux
[user@computer ~]$ sudo xbps-install -S dnscrypt-proxy
Let's edit the configuration file
[user@computer ~]$ sudo vim /etc/dnscrypt-proxy/dnscrypt-proxy.toml
Inside this file you can configure which DNS servers dnscrypt-proxy will use. Look for the following line:
server_names = ['quad9', 'openinternet']
You can change this list depending on which encrypted DNS providers you prefer. Common providers include Cloudflare (not recommended), Quad9, Mullvad, quad101, controld, etc.
Use https://dnscrypt.info/public-servers to find some servers.
You may also want to require DNSSEC for improved security. With this setting, dnscrypt-proxy only uses servers that support DNSSEC. Find the following line and ensure it is set to true:
require_dnssec = true
Once the configuration is finished, save the file and start the dnscrypt-proxy service.
Start and enable the service (systemd, Debian/Ubuntu and Arch)
This is for systemd only. Skip this section if you are using another init system.
[user@computer ~]$ sudo systemctl enable dnscrypt-proxy
[user@computer ~]$ sudo systemctl start dnscrypt-proxy
Now verify the service is running:
[user@computer ~]$ systemctl status dnscrypt-proxy
Enable and start the service (runit, Void Linux)
This is for runit only. Skip this section if you are using another init system.
[user@computer ~]$ sudo ln -s /etc/sv/dnscrypt-proxy /var/service
[user@computer ~]$ sudo sv up dnscrypt-proxy
You can check the service status with:
[user@computer ~]$ sudo sv status dnscrypt-proxy
Time to use the service! Almost done!
Next, configure your system to use the local DNS resolver. Edit your resolver configuration file:
[user@computer ~]$ sudo vim /etc/resolv.conf
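Add the following line so your system uses dnscrypt-proxy locally. If other nameserver entries remain in the file, the system can still send queries to them unencrypted: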
nameserver 127.0.0.1
Finally, test that DNS resolution works properly.
[user@computer ~]$ dig example.com
If the command returns an IP address, dnscrypt-proxy is working and your DNS queries are now encrypted.
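To double-check the last two steps, the following added example (not part of the original guide) verifies that a resolv.conf lists only the local dnscrypt-proxy address, since the system resolver can fall back to any other nameserver entry, and reads the answering server from saved dig output. The helper names audit_resolv and dig_server and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: helper names and sample data below are constructed.

# audit_resolv FILE [LOCAL_ADDR]
# Prints every nameserver that is not LOCAL_ADDR. Returns 0 only when
# LOCAL_ADDR is listed and no other nameserver is configured.
audit_resolv() {
    file=$1
    local_addr=${2:-127.0.0.1}
    awk -v want="$local_addr" '
        $1 == "nameserver" {
            if ($2 == want) found = 1
            else { print "non-local nameserver: " $2; bad = 1 }
        }
        END {
            if (!found) { print "missing nameserver " want; bad = 1 }
            exit (bad ? 1 : 0)
        }' "$file"
}

# dig_server FILE
# Extracts the resolver that answered from saved dig output, i.e. the
# address in the ";; SERVER: 127.0.0.1#53(127.0.0.1)" line.
dig_server() {
    sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p' "$1"
}

# Constructed sample inputs (not taken from a real system).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'nameserver 127.0.0.1\n' > "$tmp/good.conf"
printf '# left by DHCP\nnameserver 127.0.0.1\nnameserver 192.0.2.53\n' > "$tmp/leaky.conf"
printf ';; Query time: 12 msec\n;; SERVER: 127.0.0.1#53(127.0.0.1)\n' > "$tmp/dig.out"

audit_resolv "$tmp/good.conf" && echo "good.conf: only the local resolver is used"
audit_resolv "$tmp/leaky.conf" || echo "leaky.conf: queries can bypass dnscrypt-proxy"
echo "dig was answered by: $(dig_server "$tmp/dig.out")"
```

On a live system, point audit_resolv at /etc/resolv.conf and dig_server at a file holding the output of the dig command above.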
EMAIL: bp [at] bpsite (dot) xyz
GITHUB: github.com/BrandenPavon