Installing dnscrypt-proxy on Linux

Get a root shell

sudo -s

check what else is possibly already listening to port 53

ss -lp 'sport = :domain'
systemctl stop systemd-resolved
systemctl disable systemd-resolved
ss -lp 'sport = :domain'

Download and run dnscrypt-proxy

Download dnscrypt-proxy here: dnscrypt-proxy binaries.

cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml

Change the system DNS settings

apt-get remove resolvconf
cp /etc/resolv.conf /etc/resolv.conf.backup
rm -f /etc/resolv.conf

And create a new /etc/resolv.conf file with the following content:

options edns0

Install the proxy as a system service

./dnscrypt-proxy -service install
./dnscrypt-proxy -service start
./dnscrypt-proxy -service stop
./dnscrypt-proxy -service restart
./dnscrypt-proxy -service uninstall

Want to check that DNS resolution works?

./dnscrypt-proxy -resolve

Connect to using DoH clients

Add cloudflare and cloudflare-ipv6 to the server list in dnscrypt-proxy.toml:

server_names = ['cloudflare', 'cloudflare-ipv6']