- Download the DNSCrypt tarball from http://download.dnscrypt.org/dnscrypt-proxy/ . At the time of writing, the latest version was dnscrypt-proxy-1.3.0.tar.gz
tar xvf dnscrypt-proxy-1.3.0.tar.gz && cd dnscrypt-proxy-1.3.0 ./configure make -j4 sudo make install
- Create a new system user to run the service:
sudo adduser -m -N -r -s /bin/false dnscrypt
- Now start the service in the foreground to make sure everything is working:
sudo dnscrypt-proxy -u dnscrypt
- Change your system DNS server to 127.0.0.1. There are many ways to do this. The adventurous can edit the appropriate script in /etc/sysconfig/network-scripts/. If you don't have NetworkManager installed, editing /etc/resolv.conf would work too. Gnome users: click on the network icon, click 'Network Settings', select the connection and click 'Options'. Then in the 'IPv4 Settings' tab, set the 'Method' to 'Automatic (DHCP) Addresses Only' and type in 127.0.0.1 in the 'DNS Servers' text box.
- Restart network service for the DNS server changes to take effect.
sudo systemctl restart network.service
- Now you can verify that the changes have taken effect by running dig google.com and checking the output for the line: SERVER: 127.0.0.1#53(127.0.0.1). Alternatively, navigate to http://www.opendns.com/welcome/ using a web browser. The screen will tell you whether you are using OpenDNS or not.
- As root, create the file /etc/systemd/system/dnscrypt.service with the following content:
- Refresh the system daemon:
sudo systemctl daemon-reload
- Now the dnscrpyt service will start automatically on every boot. You can manually start or stop the service by issuing the usual systemctl commands as well.
sudo systemctl start dnscrypt.service