Now that it's installed, it can be started. Test, tweak, stop, test, tweak, stop until you are satisfied. dnscrypt-proxy to start the server, and Control-C to stop it. Tar zxf dnscrypt-proxy-linux_x86_64-2.0.12.tar.gzĬp example-dnscrypt-proxy.toml dnscrypt-proxy.tomlĬhange the system DNS settings apt-get remove resolvconfĬp /etc/nf /etc/Įcho "nameserver 127.0.0.1" > /etc/nfĮcho "options edns0 single-request-reopen" > /etc/nf Installing dnscrypt-proxy on Linux cd /opt That one cannot be uninstalled, but can be disabled with the following commands: systemctl stop systemd-resolved You may also see the port being served by systemd-resolve. Uninstall the corresponding package (in the above example: unbound), with a distribution-specific command such as apt-get remove or pacman -R, then check again with ss -lp 'sport = :domain': there shouldn't be anything listening to the domain port any more. Type the following command: ss -lp 'sport = :domain' Both can be used simultaneously, but this is outside of the scope of this guide (or, at least, of this Wiki page). If you already have a local DNS cache, it has to be eventually replaced with dnscrypt-proxy. Step 2: check what else is possibly already listening to port 53 Set up a network interface for DNS listeningĮdit /etc/network/interfaces with the following content auto lo:lo4 This is based on (but not the same as) the strongSwan documentation and this guide: This setup is for remote users to connect into an office/home LAN using a VPN (ipsec).
StrongSwan IKEv2 for macOS, iOS 11, Windows 10 and BlackBerry 10 With Local DNS Cache (Unbound), Dnscrypt-proxy + (Cloudflare DoH) for IPv4/6