til/install-dnscrypt.md

1.2 KiB

Install DNSCrypt

What is DNSCrypt? Why use DNSCrypt? These questions can be answered by simple Google search, and I don't know where to start.

This guide is thing I save for myself, so be careful.


Assume you use Archlinux and NetworkManager, because I use those.

Read dnscrypt-proxy. Read dnsmasq. Read NetworkManager.


Install dnscrypt-proxy, dnsmasq.

Edit /etc/dnscrypt-proxy/dnscrypt-proxy.toml:

  • Change listen_addresses option:
listen_addresses = ['127.0.0.1:53000', '[::1]:53000']
  • Change server_names option to use Cloudflare:
server_names = ['cloudflare', 'cloudflare-ipv6']

Edit /etc/resolv.conf:

nameserver ::1
nameserver 127.0.0.1
options edns0 single-request-reopen

Edit /etc/dnsmasq.conf:

cache-size=1000
no-resolv
server=::1#53000
server=127.0.0.1#53000
listen-address=::1,127.0.0.1

Edit /etc/NetworkManager/conf.d/dns.conf to prevent NetworkManager change /etc/resolv.conf:

[main]
dns=none

Finally, restart NetworkManager.service and start/enable dnscrypt-proxy.service, dnsmasq.service.