Get a root shell
sudo -s
Check what else may already be listening on port 53
ss -lp 'sport = :domain'
systemctl stop systemd-resolved
systemctl disable systemd-resolved
ss -lp 'sport = :domain'
Download and run dnscrypt-proxy
Download dnscrypt-proxy here: dnscrypt-proxy binaries.
cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml
./dnscrypt-proxy
Change the system DNS settings
apt-get remove resolvconf
cp /etc/resolv.conf /etc/resolv.conf.backup
rm -f /etc/resolv.conf
And create a new /etc/resolv.conf file with the following content:
nameserver 127.0.0.1
options edns0
Install the proxy as a system service
./dnscrypt-proxy -service install
./dnscrypt-proxy -service start
The service can later be stopped, restarted or uninstalled with:
./dnscrypt-proxy -service stop
./dnscrypt-proxy -service restart
./dnscrypt-proxy -service uninstall
Want to check that DNS resolution works?
./dnscrypt-proxy -resolve example.com
Connect to 1.1.1.1 using DoH clients
Add cloudflare and cloudflare-ipv6 to the server list in dnscrypt-proxy.toml:
server_names = ['cloudflare', 'cloudflare-ipv6']
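To confirm that the two configuration changes above took effect, the shell functions below audit a resolv.conf and a dnscrypt-proxy.toml. This is an added example, not part of the original guide or the dnscrypt-proxy project; the function names check_resolv_conf and check_server_names are hypothetical, and both take file paths so they can be run on copies.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit the files edited in this guide.

# Return 0 only if every nameserver is 127.0.0.1 and "options edns0" is set.
check_resolv_conf() {
    f=${1:-/etc/resolv.conf}
    rc=0
    # A symlink means another component (e.g. systemd-resolved) still owns the file.
    if [ -L "$f" ]; then echo "FAIL: $f is a symlink"; rc=1; fi
    [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }
    servers=$(awk '$1 == "nameserver" { print $2 }' "$f")
    [ -n "$servers" ] || { echo "FAIL: no nameserver line in $f"; rc=1; }
    for s in $servers; do
        # Any other resolver lets queries bypass the local encrypted proxy.
        if [ "$s" != "127.0.0.1" ]; then
            echo "FAIL: nameserver $s bypasses the local proxy"; rc=1
        fi
    done
    # "options" must start its own line; a flattened one-line file fails here.
    if ! awk '$1 == "options" { for (i = 2; i <= NF; i++) if ($i == "edns0") ok = 1 }
              END { exit !ok }' "$f"; then
        echo "FAIL: 'options edns0' missing in $f"; rc=1
    fi
    return $rc
}

# Return 0 if the active (uncommented) server_names line lists every given name.
check_server_names() {
    toml=$1; shift
    line=$(grep -E '^[[:space:]]*server_names[[:space:]]*=' "$toml" | tail -n 1)
    [ -n "$line" ] || { echo "FAIL: no active server_names in $toml"; return 1; }
    rc=0
    for name in "$@"; do
        case $line in
            *"'$name'"*|*"\"$name\""*) ;;   # exact quoted name present
            *) echo "FAIL: $name not in server_names"; rc=1 ;;
        esac
    done
    return $rc
}
```

Called with no argument, check_resolv_conf audits /etc/resolv.conf; check_server_names is called as check_server_names dnscrypt-proxy.toml cloudflare cloudflare-ipv6.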
References
https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux
https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/dns-over-https-client/