What is DNSCrypt?
DNSCrypt is responsible for encrypting DNS queries, it's like https for all the middleman connection between you and your ISP so they can't record your DNS history and sell your data to various advertising companies or let your country spy on you. It's a pretty useful tool for privacy without affecting your bandwidth speed. There are various tools, dnscrypt-proxy is written in Go and supports modern encrypted DNS protocols and DNS-over-HTTPS, DNS caching and has pre-built binaries for every OS.
Dependencies first (Debian):
apt-get install -y wget
Head to https://github.com/jedisct1/dnscrypt-proxy/releases and find the right version of the pre-compiled binary file. Copy the url, unzip it and move the binary to
For 64bit Linux run the following lines:
wget https://github.com/jedisct1/dnscrypt-proxy/releases/\ download/2.0.20/dnscrypt-proxy-linux_x86_64-2.0.20.tar.gz tar xf dnscrypt-proxy-linux_x86_64-2.0.20.tar.gz mv linux-x86_64 /opt/dnscrypt
First of all remove every local DNS service (if exist) and delete
/etc/resolvconf (not the resolv.conf file). Now backup
resolv.conf, remove it and create a new file with the following contents:
nameserver 127.0.0.1 options edns0 single-request-reopen
Now create the default configuration using the pre-configured snippets and install DNSCrypt as a systemd service:
cd /opt/dnscrypt cp ./example-dnscrypt-proxy.toml dnscrypt-proxy.toml ./dnscrypt-proxy -service install systemctl enable dnscrypt-proxy systemctl start dnscrypt-proxy
listen udp [::1]:53: bind: cannot assign requested address
Solution: Remove IPv6 support by deleting
'[::1]:53' from the configuration file
Verify if it works
Head to https://ipleak.net/ and follow the instructions there to see if your ISP has some leaks.