Download the appropriate release, usually Linux x86_64
https://github.com/DNSCrypt/dnscrypt-proxy/releases/
Once you have the files, untar in a directory. https://github.com/makash/running-dnscrypt-proxy-in-my-laptop
Next we need to edit the dnscrypt-proxy.toml
file
Use the
.toml
file provided
Choose appropriate server_names
Set the listen_addresses = ["127.0.0.53:53"]
Set a fallback_resolver
just in case
Ensure cache = true
These are the steps that allowed me to move completely replacing DNSCrypt over systemd-resolve
- For many reasons I didn't want to disable systemd-resolv so first thing was to just stop it from listening on
127.0.0.53 port 53
. - This change can be done in
/etc/systemd/resolved.conf
I changedDNSStubListener=yes
toDNSStubListener=no
- Now in dnscrypt config
dnscrypt-proxy.toml
I added the listenerlisten_addresses = ["127.0.0.53:53"]
- Now If dnscrypt-proxy is running we have a local DNS (caching) which can talk to DNSCrypt servers. I use captnemo-in run by @captnemo twitter with low latency for me. Additionally I have nextdns as a back up here
- If everything is working fine, all we now need to do is add this as a service so that we can start/stop it at will and save it so that it can survive a reboot
Use the
.service
file provided
sudo touch /etc/systemd/system/dnscrypt.service
chmod 664 /etc/systemd/system/dnscrypt.service
sudo systemctl start dnscrypt.service
sudo systemctl status dnscrypt.service
# If everything is fine
sudo systemctl enable dnscrypt.service
# In case you want to stop it from loading at boot
sudo systemctl disable dnscrypt.service
sudo systemctl restart dnscrypt.service
In case you run the dnscrypt on your router and point the local systemd-resolve
to that use
sudo systemd-resolve --flush-caches