Skip to content


Saitama edited this page Mar 10, 2019 · 2 revisions

Checking that your DNS traffic is encrypted and authenticated

Once everything has been setup, if you want to verify that your DNS traffic is actually encrypted and authenticated, here are a couple things you can try:

Stop or pause the proxy

On Unix systems, the following command will pause the proxy:

pkill -STOP dnscrypt-proxy

If applications cannot resolve anything any more, it probably means that all your DNS traffic was going through the proxy, and was therefore encrypted and authenticated.

To resume execution, use the following command:

pkill -CONT dnscrypt-proxy

Alternatively, you can completely stop and restart it.

On Windows systems, you can stop/start the service.

Block a domain

Add a filter to block a name that is very likely to resolve under normal circumstances.

If you can't access it any more, it means that your DNS traffic is using the proxy, and is therefore encrypted. If you still do, then make sure to flush your DNS cache and restart dnscrypt-proxy service.

Enable query logging

Enable query logging, use your device normally, and check that the log file gets filled by queries you just made.

Clone this wiki locally
You can’t perform that action at this time.