DNSCrypt is a protocol that encrypts, authenticates and optionally anonymizes communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with.
It is an open specification, with free and open source reference implementations, and it is not affiliated with any company nor organization.
Free, DNSCrypt-enabled resolvers are available all over the world.
pacman -S dnscrypt-proxy
Check also the link for other devices.
Change your dnscrypt-proxy.toml
config file.
nano /etc/dnscrypt-proxy/dnscrypt-proxy.toml
server_names = ['digitalprivacy.diy-dnscrypt-ipv4', 'digitalprivacy.diy-dnscrypt-ipv6']
If you're going to use Unbound and AdGuardHome you'll need to change the listen_addresses
as well.
listen_addresses = ['127.0.0.1:5300']
Go to the bottom routes = [
and add:
routes = [ { server_name='2.dnscrypt-cert.digitalprivacy.diy', via=['anon-digitalprivacy.diy-ipv4', 'anon-digitalprivacy.diy-ipv6'] } ]
systemctl enable --now dnscrypt-proxy.service
/etc/dnscrypt-proxy/dnscrypt-proxy.toml
requires a restart of the service. Keep that in mind.systemctl restart dnscrypt-proxy.service