DNSCrypt [OpenNIC Wiki]

This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong.
====== DNSCrypt ======
DNSCrypt is a protocol specifically designed to encrypt and authenticate DNS communication between a DNS client and a DNS resolver. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven't been tampered with.

Some of OpenNIC [[tier2|Tier 2]] [[https://servers.opennicproject.org/|servers]] support DNSCrypt. In order to get started with DNSCrypt at OpenNIC, you need five things:

(Example based on [[https://servers.opennicproject.org/edit.php?srv=ns1.any.dns.opennic.glue|ns1.any.dns.opennic.glue]])

  * dnscrypt-proxy installed - See [[https://dnscrypt.org/#install-dnscrypt|this]] for more information 
  * The servers IP address (''185.121.177.177'')
  * The DNSCrypt port this server is listening on for DNSCrypt encrypted queries (''5353'')
  * The DNSCrypt provider name (''2.dnscrypt-cert.dnsrec.meo.ws'')
  * The DNSCrypt provider key (''1A6A:D0A3:2B4C:5A61:A695:D153:670D:69AB:1690:3F9E:C3F7:F64F:13E5:35A3:18B2:28A5'')

You can test if the server is indeed configured correctly and working for you by executing:
  dnscrypt-proxy -r $IP:$PORT -N $NAME -k $KEY

Example:
  dnscrypt-proxy -r 185.121.177.177:5353 \
                 -N 2.dnscrypt-cert.dnsrec.meo.ws \
                 -k 1A6A:D0A3:2B4C:5A61:A695:D153:670D:69AB:1690:3F9E:C3F7:F64F:13E5:35A3:18B2:28A5
This example command should produce an output similar to this:
  [NOTICE] Proxying from 127.0.0.1:53 to 185.121.177.177:5353

If this is not the case and an error comes up, please double-check that you copied everything correctly and try with another server or port. Note: ''53'' is in most cases **not** the DNSCrypt port, it is ''443'' instead unless another port is specified.

Depending on which client you chose from the all the available ones, you might need to edit a CSV file, a configuration file or click through a few configuration settings in order to get started.

Once your DNSCrypt client is running, you can [[https://wiki.opennic.org/setup|point your local systems DNS settings]] to query at ''127.0.0.1:53'' (or a different port if you specified one with ''-a'' or ''--local-address='').