Follow @devcrafter91

How to setup DNSCrypt on Linux

Wed Apr 10 2019 linux privacy hack

What is DNSCrypt?

DNSCrypt is responsible for encrypting DNS queries, it's like https for all the middleman connection between you and your ISP so they can't record your DNS history and sell your data to various advertising companies or let your country spy on you. It's a pretty useful tool for privacy without affecting your bandwidth speed. There are various tools, dnscrypt-proxy is written in Go and supports modern encrypted DNS protocols and DNS-over-HTTPS, DNS caching and has pre-built binaries for every OS.


Dependencies first (Debian):

apt-get install -y wget

Head to and find the right version of the pre-compiled binary file. Copy the url, unzip it and move the binary to /opt/.

For 64bit Linux run the following lines:

tar xf dnscrypt-proxy-linux_x86_64-2.0.20.tar.gz
mv linux-x86_64 /opt/dnscrypt


First of all remove every local DNS service (if exist) and delete /etc/resolvconf (not the resolv.conf file). Now backup resolv.conf, remove it and create a new file with the following contents:

options edns0 single-request-reopen

Now create the default configuration using the pre-configured snippets and install DNSCrypt as a systemd service:

cd /opt/dnscrypt
cp ./example-dnscrypt-proxy.toml dnscrypt-proxy.toml
./dnscrypt-proxy -service install 
systemctl enable dnscrypt-proxy
systemctl start dnscrypt-proxy


Problem: listen udp [::1]:53: bind: cannot assign requested address

Solution: Remove IPv6 support by deleting '[::1]:53' from the configuration file

Verify if it works

Head to and follow the instructions there to see if your ISP has some leaks.