Using DNSCrypt Resolvers in Windows

This tutorial will guide you through the steps to set up DNSCrypt resolvers on a Windows machine.

Steps

Step 1: Download DNSCrypt Proxy

  1. Visit the DNSCrypt Proxy releases page on GitHub.
  2. Download the latest version of dnscrypt-proxy-win64.zip for 64-bit Windows or dnscrypt-proxy-win32.zip for 32-bit Windows.

Step 2: Extract the Archive

  1. Right-click the downloaded ZIP file and select "Extract All..."
  2. Choose a destination folder and click "Extract".

Step 3: Configure DNSCrypt Proxy

  1. Navigate to the extracted folder.
  2. Open the dnscrypt-proxy folder.
  3. Copy/rename example-dnscrypt-proxy.toml to dnscrypt-proxy.toml.
  4. Edit the dnscrypt-proxy.toml file using a text editor (e.g., Notepad).
  5. Search for [sources] in the file and add the following block:
  ### dnscry.pt servers - See https://www.dnscry.pt

  [sources.dnscry-pt-resolvers]
    urls = ["https://www.dnscry.pt/resolvers.md"]
    minisign_key = "RWQM31Nwkqh01x88SvrBL8djp1NH56Rb4mKLHz16K7qsXgEomnDv6ziQ"
    cache_file = "dnscry.pt-resolvers.md"
    refresh_delay = 72
    prefix = "dnscry.pt-"
  1. (optional) By default, dnscrypt-proxy will pick the servers with the lowest latency. You may configure the server_names parameter to specify the resolvers you want to use. For example: toml server_names = ['dnscry.pt-frankfurt02-ipv4', 'dnscry.pt-brussels-ipv6']

Step 4: Install DNSCrypt Proxy as a Service

  1. Open Command Prompt as Administrator:
    • Press Win + X and select "Command Prompt (Admin)" or "Windows PowerShell (Admin)".
  2. Navigate to the dnscrypt-proxy directory: sh cd path\to\dnscrypt-proxy
  3. Install the DNSCrypt proxy service by running: sh dnscrypt-proxy.exe --service install
  4. Start the DNSCrypt proxy service: sh dnscrypt-proxy.exe --service start

Step 5: Configure Network Adapter

  1. Open the Control Panel and go to "Network and Sharing Center".
  2. Click on "Change adapter settings" on the left sidebar.
  3. Right-click your active network connection and select "Properties".
  4. Select "Internet Protocol Version 4 (TCP/IPv4)" and click "Properties".
  5. Check "Use the following DNS server addresses" and enter 127.0.0.1 for both the preferred and alternate DNS server.
  6. Click "OK" to apply the changes.

Step 6: Verify DNSCrypt is Working

  1. Open Command Prompt and run: sh nslookup -type=txt debug.opendns.com
  2. You should see a response that includes dnscrypt in the output, indicating that DNSCrypt is working correctly.

Troubleshooting

  • If you encounter issues, check the dnscrypt-proxy.log file in the dnscrypt-proxy directory for error messages.
  • Ensure that no other DNS services are running on port 53, as this could interfere with DNSCrypt.