Installation on Windows
Note: these instructions are for users familiar with the command line.
The easiest way to use
dnscrypt-proxy on Windows is via Simple DNSCrypt instead.
Step 1: Get a PowerShell prompt
Launch PowerShell with elevated privileges.
Step 2: download and run dnscrypt-proxy
Download dnscrypt-proxy here: dnscrypt-proxy binaries.
There are quite a few files here, but
dnscrypt-proxy-win64-*.zip is the one you want.
So, download this file and extract it wherever you want. In can be in your home directory, or wherever you want, really.
It is totally possible to have the executable file in one place, the configuration file in another place, the cache files elsewhere and the log files yet somewhere else. But if this is the first time you install the software, and you don't have any good reasons to makes things more complicated than they should be, just keep everything in the same directory. At least to start with, and to ensure that everything works as expected. Then, go crazy if you like. But please don't change everything before even starting the proxy once, and then complain that "it doesn't work". Start with something boring, and gradually tweak it. If you really need to.
Also, do not change your DNS settings at this point.
In the terminal, go to the directory you just extracted using the
cd command, i.e. something like:
ls command should print a bunch of files, among which
Create a configuration file based on the example one:
cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml
And now, for something intense, go to the dnscrypt-proxy directory, and type:
Does it look like it started properly? If not, try to find out why. Here are some hints:
dnscrypt-proxy.toml: no such file or directory: copy the example configuration file as
dnscrypt-proxy.tomlas documented above.
listen udp 127.0.0.1:53: bind: permission denied: you are not using an elevated PowerShell (see step 1).
listen udp 127.0.0.1:53: bind: address already in use: something is already listening to the DNS port. Maybe something else, maybe a previous instance of dnscrypt-proxy that you didn't stop before starting a new one.
No errors? Amazing!
Don't close the terminal window yet. We're going to change the system DNS settings.
Step 3: change the system DNS settings
Open the network settings, and in the TCP/IP panel, remove all existing DNS IP addresses to replace them with:
Furthermore you will have to add as secondary DNS the one chosen as DNS fallback inside the dnscrypt-proxy.toml configuration file, '126.96.36.199' for the default one, to allow the proxy the choice of DNS servers and the first negotiation of the keys.
Back to the command-line. If dnscrypt-proxy is running, hit
C in the terminal window to stop it.
Let's check that everything works by sending a first query using dnscrypt-proxy:
./dnscrypt-proxy -resolve example.com
Looks like it was successfully able to resolve
example.com? Sweet! Try a few more things: web browsing, file downloads, use your system normally and see if you can still connect without any DNS-related issues.
If anything ever goes wrong and you want to revert everything, open the network preferences pane, and delete all the DNS addresses you manually entered.
Step 4: Tweak the configuration file
C in the
dnscrypt-proxy terminal window to stop it.
You must still be in the
dnscrypt-proxy directory at this point.
dnscrypt-proxy.toml file has plenty of options you can tweak. Tweak them if you like. But tweak them one by one, so that if you ever screw up, you will know what exact change made this happen.
bare keys cannot contain '\n' typically means that there is a syntax error in the configuration file.
./dnscrypt-proxy to start the server, and
C to stop it. Test, tweak, stop, test, tweak, stop until you are satisfied.
Are you satisfied? Good, let's jump to step 5!
Step 5: install the proxy as a system service
C in the
dnscrypt-proxy terminal window to stop the proxy.
Now, register this as a system service (still with elevated privileges):
./dnscrypt-proxy -service install
If it doesn't spit out any errors, this is great! Your edition of Windows is compatible with the built-in installer.
Now that it's installed, it can be started:
./dnscrypt-proxy -service start
If it does spit out errors, additional steps for your edition of Windows are required. Stay calm, do not drink coffee but hit the gym instead, then look for specific instructions.
Want to stop the service?
./dnscrypt-proxy -service stop
Want to restart the currently running service after a configuration file change?
./dnscrypt-proxy -service restart
Want to uninstall the service?
./dnscrypt-proxy -service uninstall
Want to check that DNS resolution works?
./dnscrypt-proxy -resolve example.com
Want to completely delete that thing?
Delete the directory. Done.
In order to install a new version, just stop the service, replace the executable file (
dnscrypt-proxy) with the new version, and start the service again.