dnscrypt-proxy Setup Guide
This guide will help you configure dnscrypt-proxy** to use the UK DNS Privacy Project’s secure public DNS resolvers, enhancing your privacy and security by encrypting DNS queries.
Prerequisites
- A working dnscrypt-proxy installation.
- Access to the system terminal.
- Basic knowledge of editing configuration files.
Step 1: Locate and Edit the Configuration File
-
Open a terminal and locate the dnscrypt-proxy configuration file, usually found at:
/etc/dnscrypt-proxy/dnscrypt-proxy.toml -
Open the file in a text editor:
sudo nano /etc/dnscrypt-proxy/dnscrypt-proxy.toml
Step 2: Enable DNS over HTTPS (DoH) or DNS over TLS (DoT)
For encrypted DNS, use either DoH or DoT by modifying the server_names and stamp fields.
Using DNS over HTTPS (DoH)
-
Locate the
[dnscrypt_servers]section and ensurednscrypt_serversis set tofalse. -
Under
[doh_servers], setdoh_servers = true. -
Update the
server_nameslist:server_names = ['uk-dns-privacy-project'] -
Set the
stampfield to:stamp = 'sdns://AgcAAAAAAAAAAAAacmVzb2x2ZXIuZG5zcHJpdmFjeS5vcmcudWsKL2Rucy1xdWVyeQ'
Using DNS over TLS (DoT)
-
Locate the
[tls_servers]section and settls_servers = true. -
Update the
server_nameslist:server_names = ['uk-dns-privacy-project'] -
Set the
stampfield to:stamp = 'sdns://AwcAAAAAAAAAAAAacmVzb2x2ZXIuZG5zcHJpdmFjeS5vcmcudWs'
Step 3: Apply Changes and Restart dnscrypt-proxy
-
Save and close the configuration file.
-
Restart the dnscrypt-proxy service to apply the changes:
sudo systemctl restart dnscrypt-proxy -
Verify that dnscrypt-proxy is running correctly:
systemctl status dnscrypt-proxy
Step 4: Test DNS Resolution
Visit the UK DNS Project homepage to verify that your system is using the configured DNS.
Troubleshooting
-
Ensure there are no syntax errors in
dnscrypt-proxy.toml. -
Restart the service if changes are not taking effect.
-
Check logs using:
sudo journalctl -u dnscrypt-proxy --no-pager | tail -n 20
For more assistance, visit our Getting Help page.