61 lines
No EOL
2 KiB
Text
61 lines
No EOL
2 KiB
Text
====== DNSCrypt ======
|
||
|
||
[[https://dnscrypt.info/|DNSCrypt]] is a protocol that encrypts, authenticates and optionally anonymizes communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with.
|
||
|
||
It is an open specification, with free and open source reference implementations, and it is not affiliated with any company nor organization.
|
||
|
||
Free, DNSCrypt-enabled resolvers are available all over the world.
|
||
|
||
<alert type="info" icon="fa fa-info-circle">Our dnscrypt server is also part of the official lists for [[https://dnscrypt.info/public-servers/|DNSCrypt & DOH Server]] & [[https://download.dnscrypt.info/dnscrypt-resolvers/v3/relays.md|Anonymized DNS relays]].</alert>
|
||
|
||
===== Package =====
|
||
|
||
<code>
|
||
pacman -S dnscrypt-proxy
|
||
</code>
|
||
|
||
Check also [[https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux|the link]] for other devices.
|
||
|
||
===== Config file =====
|
||
|
||
Change your ''dnscrypt-proxy.toml'' config file.
|
||
|
||
<code>
|
||
nano /etc/dnscrypt-proxy/dnscrypt-proxy.toml
|
||
</code>
|
||
|
||
==== server_names ====
|
||
|
||
<code>
|
||
server_names = ['digitalprivacy.diy-dnscrypt-ipv4', 'digitalprivacy.diy-dnscrypt-ipv6']
|
||
</code>
|
||
|
||
|
||
==== (Optional) listen_addresses ====
|
||
|
||
If you're going to use [[/en/server/services/unbound|Unbound]] and [[/en/server/services/adguardhome|AdGuardHome]] you'll need to change the ''listen_addresses'' as well.
|
||
|
||
<code>
|
||
listen_addresses = ['127.0.0.1:5300']
|
||
</code>
|
||
==== Anonymized DNS ====
|
||
|
||
Go to the bottom ''routes = ['' and add:
|
||
|
||
<code>
|
||
routes = [
|
||
{ server_name='2.dnscrypt-cert.digitalprivacy.diy', via=['anon-digitalprivacy.diy-ipv4', 'anon-digitalprivacy.diy-ipv6'] }
|
||
]
|
||
</code>
|
||
|
||
|
||
===== Start/restart =====
|
||
|
||
<code>
|
||
systemctl enable --now dnscrypt-proxy.service
|
||
</code>
|
||
|
||
<alert type="info" icon="fa fa-info-circle">Any changes to ''/etc/dnscrypt-proxy/dnscrypt-proxy.toml'' requires a restart of the service. Keep that in mind.</alert>
|
||
<code>
|
||
systemctl restart dnscrypt-proxy.service
|
||
</code> |