-
Notifications
You must be signed in to change notification settings - Fork 1k
Installation
You can't. Because DNSCrypt is just a specification.
However, that specification has been implemented in software such as unbound, dnsdist, dnscrypt-wrapper, Simple DNSCrypt and dnscrypt-proxy.
dnscrypt-proxy is a flexible DNS proxy. It runs on your computer or router, and can locally block unwanted content, reveal where your devices are silently sending data to, make applications feel faster by caching DNS responses, and improve security and confidentiality by communicating to upstream DNS servers over secure channels.
- Installation on Windows
- Installation on macOS
- Installation on Linux
- Installation on pfsense
- Installation on Pi-Hole
- Installation on OpenWRT / LEDE
- Simple DNSCrypt is a simple management tool to configure dnscrypt-proxy on windows based systems.
- DNSCloak is a full-featured DNSCrypt client for iOS, with filtering, logging, caching, password protection and more. No jailbreak required.
- AdGuard Pro for iOS, Android, macOS and Windows embeds dnscrypt-proxy in a slick user interface.
- dnscrypt-proxy switcher is a plugin for Bitbar on macOS, to control dnscrypt-proxy usage from the menu bar.
- Extract and adjust the configuration file dnscrypt-proxy.toml to your needs. In case you started fresh, ensure you backup your modified
dnscrypt-proxy.tomlfile.
Note: You can choose a set of preferred servers in the dnscrypt-proxy.toml file.
Look for:
# server_names = ['scaleway-fr', 'google', 'yandex']Change to the servers you would like to use and remove the leading #.
Example:
server_names = ['google', 'cloudflare']When doing this filters are ignored if you explicitly name the set of resolvers to use ['google', 'cloudflare']
Filters are used when the list is empty, which means all resolvers from configured sources, matching the filters.
- Make sure that nothing else is already listening to port 53 on your system and run (in a console with elevated privileges on Windows) the
dnscrypt-proxyapplication.
Change your DNS settings to the configured IP address and check that everything works as expected.
./dnscrypt-proxy -resolve example.comshould return one of the chosen DNS servers instead of your ISP's resolver.
- Register as a system service.
Pre-compiled binaries can be verified with Minisign:
minisign -Vm dnscrypt-proxy-*.tar.gz -P RWTk1xXqcTODeYttYMCMLo0YJHaFEHn7a3akqHlb/7QvIQXHVPxKbjB5In somecases if you want to run dnscrypt-proxy as a non-root user you'll get the error "[FATAL] listen udp 0.0.0.0:53: bind: permission denied"
to solve this problem you can run the following command and allow dnscrypt to have access to a low level port :
sudo setcap cap_net_bind_service=+ep $(which dnscrypt-proxy)
- Home
- Installation
- Configuration
- Checking that your DNS traffic is encrypted
- Automatic Updates
- Server sources
- Combining blocklists
- Public Blocklist and other configuration files
- Building from source
- Run your own DNSCrypt server in under 10 minutes
- DNS stamps specifications
- Windows Tips
- dnscrypt-proxy in the media
- Planned Features