Installing dnscrypt-proxy on Linux

Get a root shell

sudo -s

check what else is possibly already listening to port 53

ss -lp 'sport = :domain'
systemctl stop systemd-resolved
systemctl disable systemd-resolved
ss -lp 'sport = :domain'

Download and run dnscrypt-proxy

Download dnscrypt-proxy here: dnscrypt-proxy binaries.

cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml
./dnscrypt-proxy

Change the system DNS settings

apt-get remove resolvconf
cp /etc/resolv.conf /etc/resolv.conf.backup
rm -f /etc/resolv.conf

And create a new /etc/resolv.conf file with the following content:

nameserver 127.0.0.1
options edns0

Install the proxy as a system service

./dnscrypt-proxy -service install
./dnscrypt-proxy -service start
./dnscrypt-proxy -service stop
./dnscrypt-proxy -service restart
./dnscrypt-proxy -service uninstall

Want to check that DNS resolution works?

./dnscrypt-proxy -resolve example.com

Connect to 1.1.1.1 using DoH clients

Add cloudflare and cloudflare-ipv6 to the server list in dnscrypt-proxy.toml:

server_names = ['cloudflare', 'cloudflare-ipv6']

References
https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux
https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/dns-over-https-client/