Skip to content

Installation Windows

lucenera edited this page Sep 3, 2019 · 9 revisions

Installation on Windows

Note: these instructions are for users familiar with the command line.

The easiest way to use dnscrypt-proxy on Windows is via Simple DNSCrypt instead.


Step 1: Get a PowerShell prompt

Launch PowerShell with elevated privileges.

Step 2: download and run dnscrypt-proxy

Download dnscrypt-proxy here: dnscrypt-proxy binaries.

There are quite a few files here, but dnscrypt-proxy-win64-*.zip is the one you want.

So, download this file and extract it wherever you want. In can be in your home directory, or wherever you want, really.

It is totally possible to have the executable file in one place, the configuration file in another place, the cache files elsewhere and the log files yet somewhere else. But if this is the first time you install the software, and you don't have any good reasons to makes things more complicated than they should be, just keep everything in the same directory. At least to start with, and to ensure that everything works as expected. Then, go crazy if you like. But please don't change everything before even starting the proxy once, and then complain that "it doesn't work". Start with something boring, and gradually tweak it. If you really need to.

Also, do not change your DNS settings at this point.

In the terminal, go to the directory you just extracted using the cd command, i.e. something like:

cd ~\Desktop

The ls command should print a bunch of files, among which dnscrypt-proxy and example-dnscrypt-proxy.toml.

Create a configuration file based on the example one:

cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml

And now, for something intense, go to the dnscrypt-proxy directory, and type:


Does it look like it started properly? If not, try to find out why. Here are some hints:

  • dnscrypt-proxy.toml: no such file or directory: copy the example configuration file as dnscrypt-proxy.toml as documented above.
  • listen udp bind: permission denied: you are not using an elevated PowerShell (see step 1).
  • listen udp bind: address already in use: something is already listening to the DNS port. Maybe something else, maybe a previous instance of dnscrypt-proxy that you didn't stop before starting a new one.

No errors? Amazing!

Don't close the terminal window yet. We're going to change the system DNS settings.

Step 3: change the system DNS settings

Open the network settings, and in the TCP/IP panel, remove all existing DNS IP addresses to replace them with:

Furthermore you will have to add as secondary DNS the one chosen as DNS fallback inside the dnscrypt-proxy.toml configuration file, '' for the default one, to allow the proxy the choice of DNS servers and the first negotiation of the keys.

Back to the command-line. If dnscrypt-proxy is running, hit Control and C in the terminal window to stop it.

Let's check that everything works by sending a first query using dnscrypt-proxy:

./dnscrypt-proxy -resolve

Looks like it was successfully able to resolve Sweet! Try a few more things: web browsing, file downloads, use your system normally and see if you can still connect without any DNS-related issues.

If anything ever goes wrong and you want to revert everything, open the network preferences pane, and delete all the DNS addresses you manually entered.

Step 4: Tweak the configuration file

Hit Control and C in the dnscrypt-proxy terminal window to stop it.

You must still be in the dnscrypt-proxy directory at this point.

The dnscrypt-proxy.toml file has plenty of options you can tweak. Tweak them if you like. But tweak them one by one, so that if you ever screw up, you will know what exact change made this happen.

The message bare keys cannot contain '\n' typically means that there is a syntax error in the configuration file.

Type ./dnscrypt-proxy to start the server, and Control-C to stop it. Test, tweak, stop, test, tweak, stop until you are satisfied.

Are you satisfied? Good, let's jump to step 5!

Step 5: install the proxy as a system service

Hit Control and C in the dnscrypt-proxy terminal window to stop the proxy.

Now, register this as a system service (still with elevated privileges):

./dnscrypt-proxy -service install

If it doesn't spit out any errors, this is great! Your edition of Windows is compatible with the built-in installer.

Now that it's installed, it can be started:

./dnscrypt-proxy -service start


If it does spit out errors, additional steps for your edition of Windows are required. Stay calm, do not drink coffee but hit the gym instead, then look for specific instructions.

Want to stop the service?

./dnscrypt-proxy -service stop

Want to restart the currently running service after a configuration file change?

./dnscrypt-proxy -service restart

Want to uninstall the service?

./dnscrypt-proxy -service uninstall

Want to check that DNS resolution works?

./dnscrypt-proxy -resolve

Want to completely delete that thing?

Delete the directory. Done.


In order to install a new version, just stop the service, replace the executable file (dnscrypt-proxy) with the new version, and start the service again.

Clone this wiki locally
You can’t perform that action at this time.