Installation

Installation

---

How do I install DNSCrypt?

You can't. Because DNSCrypt is just a specification.

That specification has been implemented in software such as unbound, dnsdist, dnscrypt-wrapper, Simple DNSCrypt and dnscrypt-proxy.

dnscrypt-proxy is a flexible DNS proxy. It runs on your computer or router, and can locally block unwanted content, reveal where your devices are silently sending data to, make applications feel faster by caching DNS responses, and improve security and confidentiality by communicating to upstream DNS servers over secure channels.

OS-specific instructions

• Installing dnscrypt-proxy on Linux

Graphical front-ends

• Simple DNSCrypt is a simple management tool to configure dnscrypt-proxy on windows based systems.
• DNSCloak is a full-featured DNSCrypt client for iOS, with filtering, logging, caching, password protection and more. No jailbreak required.
• AdGuard Pro for iOS, Android, macOS and Windows embeds dnscrypt-proxy in a slick user interface.
• dnscrypt-proxy switcher is a plugin for Bitbar on macOS, to control dnscrypt-proxy usage from the menu bar.

Setting up dnscrypt-proxy (general guidelines)

1. Extract and adjust the configuration file dnscrypt-proxy.toml to your needs. In case you started fresh, ensure you backup your modified dnscrypt-proxy.toml file.

Note: You can choose a set of preferred servers in the dnscrypt-proxy.toml file.

Look for:

# server_names = ['scaleway-fr', 'google', 'yandex']

Change to the servers you would like to use and remove the leading #.

Example:

server_names = ['google', 'cloudflare']

When doing this filters are ignored if you explicitly name the set of resolvers to use ['google', 'cloudflare']

Filters are used when the list is empty, which means all resolvers from configured sources, matching the filters.

2. Make sure that nothing else is already listening to port 53 on your system and run (in a console with elevated privileges on Windows) the dnscrypt-proxy application.

Change your DNS settings to the configured IP address and check that everything works as expected.

./dnscrypt-proxy -resolve example.com

should return one of the chosen DNS servers instead of your ISP's resolver.

3. Register as a system service (see below).

---

Installing as a system service (Windows, Linux, MacOS)

With administrator privileges, type dnscrypt-proxy -service install to register dnscrypt-proxy as a system service, and dnscrypt-proxy -service start to start it.

If the file is in the current directory and not where other executable files are, use ./dnscrypt-proxy instead of just dnscrypt-proxy.

On Windows, this is not even required: you can just double-click on server-install.bat to install the service.

Done. It will automatically start at boot.

This setup procedure is compatible with Windows, Linux (systemd, Upstart, SysV), and macOS (launchd).

Other commands include stop, restart (useful after a configuration change) and uninstall.

Note that on Linux, kernel 2.6.23 or later is required.

Running it as a non-root user on Linux (manual installation)

The following command adds the required attributes to the dnscrypt-proxy file so that it can run as a non-root user:

sudo setcap cap_net_bind_service=+pe dnscrypt-proxy

---

Installing dnscrypt-proxy on MacOS as a system service

Using Homebrew - https://brew.sh

To install Homebrew type in Terminal:

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

and to install dnscrypt-proxy with Homebrew type in Terminal:

brew install dnscrypt-proxy

And follow the instructions that are given in the Terminal. Please use the sudo command, i.e. run

sudo brew services [start|stop|restart] dnscrypt-proxy

to ensure that the dnscrypt-proxy service has the necessary root privileges.

Manual installation

Download the dnscrypt-proxy-macos-2.x.x.tar.gz

1. Extract the tar.gz file; move it to a location you would like to put it in. You can also rename the folder.

Example: Put it in the home directory and rename the folder to Dnscrypt.

Note: Make sure you change example-dnscrypt-proxy.toml to dnscrypt-proxy.toml it's located in the folder.

2. Install the dnscrypt-proxy service and start it by opening Terminal and entering:

sudo ~/Dnscrypt/dnscrypt-proxy -service install
sudo ~/Dnscrypt/dnscrypt-proxy -service start

Or

cd Dnscrypt
sudo ./dnscrypt-proxy -service install
sudo ./dnscrypt-proxy -service start

3. Now open Network Preferences and change the DNS server under Advanced and DNS tab.

Change it to 127.0.0.1 or ::1.

---

Installing dnscrypt-proxy on Pfsense (freebsd)

Installation

cd /tmp
fetch -m https://github.com/jedisct1/dnscrypt-proxy/releases/download/2.0.8/dnscrypt-proxy-freebsd_arm-2.0.8.tar.gz
mkdir dnscrypt-proxy-freebsd_arm-2.0.8
tar -zxf dnscrypt-proxy-freebsd_arm-2.0.8.tar.gz -C dnscrypt-proxy-freebsd_arm-2.0.8
mv dnscrypt-proxy-freebsd_arm-2.0.8/freebsd-arm/dnscrypt-proxy /usr/local/bin/dnscrypt-proxy
chown root:root /usr/local/bin/dnscrypt-proxy
chmod +x /usr/local/bin/dnscrypt-proxy
cp dnscrypt-proxy-freebsd_arm-2.0.8/freebsd-arm/example-dnscrypt-proxy.toml /usr/local/etc/dnscrypt-proxy/dnscrypt-proxy.toml

Adapt the configuration /usr/local/etc/dnscrypt-proxy/dnscrypt-proxy.toml to your need.

Launch dnscrypt-proxy at boot

Add this script to /usr/local/etc/rc.d/dnscrypt-proxy.sh and set execution permissions chmod +x /usr/local/etc/rc.d/dnscrypt-proxy.sh

#!/bin/sh

# REQUIRE: NETWORKING

set -e

exec /usr/local/bin/dnscrypt-proxy -config /usr/local/etc/dnscrypt-proxy/dnscrypt-proxy.toml

---