dnscrypt-proxy Setup Guide ​
This guide will help you configure dnscrypt-proxy** to use the UK DNS Privacy Project's secure public DNS resolvers, enhancing your privacy and security by encrypting DNS queries.
Prerequisites ​
- A working dnscrypt-proxy installation.
- Access to the system terminal.
- Basic knowledge of editing configuration files.
Step 1: Locate and Edit the Configuration File ​
- Open a terminal and locate the dnscrypt-proxy configuration file, usually found at:sh
/etc/dnscrypt-proxy/dnscrypt-proxy.toml - Open the file in a text editor:sh
sudo nano /etc/dnscrypt-proxy/dnscrypt-proxy.toml
Step 2: Enable DNS over HTTPS (DoH) or DNS over TLS (DoT) ​
For encrypted DNS, use either DoH or DoT by modifying the server_names and stamp fields.
Using DNS over HTTPS (DoH) ​
- Locate the
[dnscrypt_servers]section and ensurednscrypt_serversis set tofalse. - Under
[doh_servers], setdoh_servers = true. - Update the
server_nameslist:tomlserver_names = ['uk-dns-privacy-project'] - Set the
stampfield to:tomlstamp = 'sdns://AgcAAAAAAAAAAAAacmVzb2x2ZXIuZG5zcHJpdmFjeS5vcmcudWsKL2Rucy1xdWVyeQ'
Using DNS over TLS (DoT) ​
- Locate the
[tls_servers]section and settls_servers = true. - Update the
server_nameslist:tomlserver_names = ['uk-dns-privacy-project'] - Set the
stampfield to:tomlstamp = 'sdns://AwcAAAAAAAAAAAAacmVzb2x2ZXIuZG5zcHJpdmFjeS5vcmcudWs'
Step 3: Apply Changes and Restart dnscrypt-proxy ​
- Save and close the configuration file.
- Restart the dnscrypt-proxy service to apply the changes:sh
sudo systemctl restart dnscrypt-proxy - Verify that dnscrypt-proxy is running correctly:sh
systemctl status dnscrypt-proxy
Step 4: Test DNS Resolution ​
Visit the UK DNS Project homepage to verify that your system is using the configured DNS.
Troubleshooting ​
- Ensure there are no syntax errors in
dnscrypt-proxy.toml. - Restart the service if changes are not taking effect.
- Check logs using:sh
sudo journalctl -u dnscrypt-proxy --no-pager | tail -n 20
For more assistance, visit our Getting Help page.