DNSCrypt client proxy
The DNSCrypt client proxy relays DNS queries to a DNSCrypt enabled upstream
resolver. The traffic between the client and the upstream resolver is
encrypted and authenticated, mitigating the risk of MITM attacks, DNS
poisoning attacks, and third-party snooping (assuming the upstream is
trustworthy).
Basic configuration
To enable the client proxy, set
= true;
Enabling the client proxy does not alter the system nameserver; to relay
local queries, prepend 127.0.0.1 to
.
As a forwarder for another DNS client
To run the DNSCrypt proxy client as a forwarder for another DNS client,
change the default proxy listening port to a non-standard value and point
the other client to it:
= 43;
dnsmasq
{
= true;
= [ "127.0.0.1#43" ];
}
unbound
{
= true;
= [ "127.0.0.1@43" ];
}