How to Encrypt Your DNS With DNSCrypt on Ubuntu and Debian -

Even if you encrypt your traffic with HTTPS or even use a VPN, in some cases, your DNS traffic remains open and readily readable to your ISP and the rest of the world.
This is a companion discussion topic for the original entry at


Thanks for this tutorial. How can this be used with IPv6?



Tried to follow this on Ubuntu 18.04.1 LTS, but needed some alterations:

  • The configuration file is /etc/dnscrypt-proxy/dnscrypt-proxy.conf
  • The server option is called ResolverName, not server_names.
  • The configuration is already set to a specific value ‘fvz-anyone’ (not sure if it takes multiple values).
  • This value ‘fvz-anyone’ is not listed on the page linked in the article.
  • There is a csv file that lists permitted values at a link I cannot post as a new user.
  • In this list, ‘cloudflare’ does not occur.

Apparently very divergent versions exist…?


Your queries are fully encrypted, but the DNSCrypt server that you are using can still see exactly what it is that you are querying for.


Yes, a very divergent versions exists, because the first developer doesn’t maintain it anymore, the version that is being maintained now is called dnscrypt-proxy 2, maintained by jedisct1. (I can’t link Github repository because I just registered, you can find it easily with Google)


That’s why the software has a list of servers, if you test dnscypt-proxy with something like dnsleaktest you can see it uses many different DNS servers.

(You can argue that the list is hosted on a Github repository, but you can always configure it to use other servers.)