dnscrypt-proxy is a flexible DNS proxy with support for encrypted DNS protocols including DNS-over-HTTPS (DoH), DNS-over-TLS (DoT), and DNSCrypt. It protects DNS queries from eavesdropping and man-in-the-middle attacks, enhancing privacy and security for all network applications.
Beyond encryption, dnscrypt-proxy offers DNS-based ad blocking, caching, load balancing between multiple resolvers, and query logging. It’s an essential tool for privacy-conscious users and organizations seeking to protect their DNS traffic.
Key Features
- Multiple Protocols – DoH, DoT, DNSCrypt support
- Privacy Protection – Encrypted DNS queries
- Ad Blocking – Built-in blocklist support
- Caching – Local DNS response caching
- Load Balancing – Multiple upstream resolvers
- IPv6 Support – Full dual-stack support
Installation
sudo apt install dnscrypt-proxy # Debian/Ubuntu
sudo dnf install dnscrypt-proxy # Fedora
# Download from GitHub
wget https://github.com/DNSCrypt/dnscrypt-proxy/releases/latest/download/dnscrypt-proxy-linux_x86_64.tar.gz
Basic Configuration
# /etc/dnscrypt-proxy/dnscrypt-proxy.toml
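listen_addresses = ['127.0.0.1:53']      # loopback only; the proxy is not reachable from the network
server_names = ['cloudflare', 'google']  # upstream resolvers, by name from the resolver list
doh_servers = true                       # allow DNS-over-HTTPS resolvers
require_dnssec = true                    # only use upstream resolvers that support DNSSEC
cache = true                             # cache responses locally
cache_size = 4096                        # size of the local cache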
# Start service
sudo systemctl enable --now dnscrypt-proxy
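Setting listen_addresses does not by itself send the system's queries to the proxy, so the following added example (not from the original article or the dnscrypt-proxy project) lists every nameserver in a resolv.conf that is not one of the proxy's port-53 listen addresses. The function names are hypothetical, the sample files are constructed, and it assumes IPv4 addresses and a single-line listen_addresses array.

```shell
#!/bin/sh
# Added example. Sample files are constructed; function names are hypothetical.

# Print the IPv4 hosts from listen_addresses that listen on port 53.
# resolv.conf cannot name a port, so listeners on other ports are ignored.
listen_hosts() {  # $1 = path to dnscrypt-proxy.toml
    grep -E '^[[:space:]]*listen_addresses[[:space:]]*=' "$1" |
        grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+' |
        awk -F: '$2 == 53 { print $1 }' | sort -u
}

# Print each nameserver in resolv.conf that is not a proxy listen host.
# Queries sent to those servers never reach dnscrypt-proxy.
bypass_nameservers() {  # $1 = dnscrypt-proxy.toml, $2 = resolv.conf
    hosts=$(listen_hosts "$1")
    awk '$1 == "nameserver" { print $2 }' "$2" |
        while read -r ns; do
            printf '%s\n' "$hosts" | grep -qxF -- "$ns" || printf '%s\n' "$ns"
        done
}

# Constructed sample: a stub resolver on 127.0.0.53, the proxy on 127.0.0.1,
# and a fallback server from the documentation range 192.0.2.0/24.
demo() {
    d=$(mktemp -d)
    printf '%s\n' "listen_addresses = ['127.0.0.1:53']" > "$d/dnscrypt-proxy.toml"
    printf '%s\n' 'nameserver 127.0.0.53' 'nameserver 127.0.0.1' \
        'nameserver 192.0.2.53' > "$d/resolv.conf"
    bypass_nameservers "$d/dnscrypt-proxy.toml" "$d/resolv.conf"
    rm -rf "$d"
}

demo   # prints 127.0.0.53 and 192.0.2.53
```

On a live host, run `bypass_nameservers /etc/dnscrypt-proxy/dnscrypt-proxy.toml /etc/resolv.conf`; empty output means every configured nameserver is a proxy listener.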
Use Cases
- Privacy Protection – Hide DNS queries from ISP
- Security – Prevent DNS spoofing
- Ad Blocking – Network-wide ad filtering
- DNSSEC Validation – Verify DNS responses