DNSCrypt

Introduction
DNSCrypt-Proxy allows you to encrypt DNS requests between your PC and several public name servers.

Prerequisites
Enable support for Extension Mechanisms for DNS: echo "options edns0 single-request-reopen" | sudo tee -a /etc/resolvconf/resolv.conf.d/tail

Force the use of the new resolver: echo "nameserver 127.0.0.1" | sudo tee -a /etc/resolvconf/resolv.conf.d/head

Installation
Download the latest available version of dnscrypt-proxy binaries: https://github.com/DNSCrypt/dnscrypt-proxy/releases

Check the integrity of the package:
 * 1) minisign -Vm dnscrypt-proxy-linux_x86_64-*.tar.gz -p signature.pub

Install the binaries: sudo mkdir -p /opt/dnscrypt-proxy sudo tar xfz dnscrypt-proxy-linux_x86_64-*.tar.gz -C /opt/dnscrypt-proxy --strip-components=1 sudo chown -R root:root /opt/dnscrypt-proxy cd /opt/dnscrypt-proxy sudo /opt/dnscrypt-proxy/dnscrypt-proxy -service install sudo systemctl enable dnscrypt-proxy.service

Configuration
Create the configuration file from the example file: if [ ! -f "/opt/dnscrypt-proxy/dnscrypt-proxy.toml" ]; then sudo cp -p /opt/dnscrypt-proxy/example-dnscrypt-proxy.toml /opt/dnscrypt-proxy/dnscrypt-proxy.toml sudo sed -i "s+^listen_addresses = .*+listen_addresses = ['127.0.0.1:53']+g" /opt/dnscrypt-proxy/dnscrypt-proxy.toml sudo sed -i "s+^block_ipv6 = .*+block_ipv6 = true+g"                        /opt/dnscrypt-proxy/dnscrypt-proxy.toml fi

Start the service: sudo systemctl start dnscrypt-proxy.service

Disable the resolver provided by systemd: sudo systemctl stop   systemd-resolved.service sudo systemctl disable systemd-resolved.service sudo systemctl mask   systemd-resolved.service

To test that everything works properly, go here and perform a "Standard test".