[VPS] DNSCrypt-Proxy on Bookworm with Dnscry.pt

Hi there, today I want to share an easy way to set up your own DNS server with the help of the DNSCrypt-Proxy tool. At the time of writing this post, the dnscrypt-proxy package is not available on Debian 12 (Bookworm), which is why I’ll use the latest DNSCrypt-Proxy release from its official GitHub page. Note that DNSCrypt-Proxy already includes popular DNSCrypt servers like Cloudflare, Google, Quad9 and more; however, I won’t use any of those servers. Instead I’ll use a great free service called Dnscry.pt. They provide a list of resolvers (currently based in 35+ countries), so DNSCrypt-Proxy will check the latency and pick the server with the lowest RTT.


About DNSCry.pt

DNSCry.pt is a free service run by Alexander Brügmann. According to its LowEndSpirit post: “In a nutshell, DNSCrypt is a protocol which encrypts and authenticates your DNS requests, so that a third party (like your ISP) can no longer tinker with them. You have to run a DNSCrypt client like dnscrypt-proxy locally or in your network and point your DNS requests there instead of towards your Wi-Fi router or public resolvers like Google’s 8.8.8.8. Your DNSCrypt client will take care of the encryption and forward your requests to a public DNSCrypt resolver (like one of those I run for dnscry.pt). None of the resolvers do any filtering of any kind. I don’t store any logs of your requests. All I do is collect metrics using Munin.”

More About DNSCry.pt

About the VPS Instance

For this post I’ll be using a regular VPS instance from Vultr located in Tokyo, which includes:

  • 1 Core (Intel Core Processor at 2394.454 MHz)
  • 1GB RAM
  • 25GB Disk SSD
  • 1TB Monthly Bandwidth
  • 1 IPv4/IPv6
  • Location: Tokyo, Japan
  • OS: Debian 12 (Bookworm)

Go to Vultr Website

About YogaDNS

I’ll be using YogaDNS on Windows 10 as the DNSCrypt client. According to its website: “YogaDNS automatically intercepts DNS requests at the system level and allows you to process them over user-defined DNS servers using modern protocols and flexible rules.”

Go to YogaDNS Website

Step #1: Downloading DNSCrypt-Proxy

After upgrading your OS installation, download DNSCrypt-Proxy and install some additional utilities by executing this command line:

apt install dnsutils jq wget nano -y; wget https://github.com/DNSCrypt/dnscrypt-proxy/releases/download/2.1.4/dnscrypt-proxy-linux_x86_64-2.1.4.tar.gz; tar -xf dnscrypt-proxy-linux_x86_64-2.1.4.tar.gz; cd linux-x86_64


Step #2: Downloading DNSCry.pt Resolvers

Now download the list of DNSCry.pt resolvers by executing:

mkdir /var/cache/dnscrypt-proxy; wget -O /var/cache/dnscrypt-proxy/dnscry.pt-resolvers.md https://www.dnscry.pt/resolvers.md


Step #3: Configuring DNSCrypt-Proxy Through DNSCry.pt

You need to modify some settings in the DNSCrypt-Proxy config file. I’ll use nano to edit the file, but you can use your favorite editor. Copy the example config and open it by executing:

cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml; nano dnscrypt-proxy.toml

Replace:

listen_addresses = ['127.0.0.1:53'] to listen_addresses = ['[::]:53']
ipv6_servers = false to ipv6_servers = true

Comment out the entire “Servers” section:

Add DNSCry.pt Resolvers:

[sources.dnscry-pt-resolvers]
urls = ["https://www.dnscry.pt/resolvers.md"]
minisign_key = "RWQM31Nwkqh01x88SvrBL8djp1NH56Rb4mKLHz16K7qsXgEomnDv6ziQ"
cache_file = "/var/cache/dnscrypt-proxy/dnscry.pt-resolvers.md"
refresh_delay = 72
prefix = "dnscry.pt-"

Save the changes.


Step #4: Install and Activate DNSCrypt-Proxy

Lastly, installing and activating DNSCrypt-Proxy as a service is quite simple. Do that by executing:

./dnscrypt-proxy -service install && ./dnscrypt-proxy -service start && echo -e "nameserver 127.0.0.1" > /etc/resolv.conf && cat /etc/resolv.conf


Step #5: Opening Port 53 on Vultr Instance [Optional – For Vultr Instances Only]

If you’re on a Vultr instance, you must open UDP port 53. Do that by executing:

iptables -A INPUT -p udp --dport 53 -j ACCEPT
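
The rule above accepts UDP port 53 from every source address, so together with listen_addresses = ['[::]:53'] the VPS answers DNS queries from any host on the Internet. The following script is an added example, not part of the original post: it prints rules that accept DNS only from loopback and from listed clients and drop everything else. The client addresses are constructed documentation addresses, and covering TCP and IPv6 goes beyond the single UDP rule shown in this step.

```shell
#!/bin/sh
# Added example: limit the resolver from Step #5 to known clients.
# ALLOWED_CLIENTS holds constructed documentation addresses (assumption);
# replace them with the real addresses of your own DNS clients.
ALLOWED_CLIENTS="203.0.113.10 2001:db8::10"

# IPv6 addresses contain ':' and need ip6tables; everything else uses iptables.
fw_tool() {
    case "$1" in
        *:*) echo ip6tables ;;
        *)   echo iptables ;;
    esac
}

# Print (not run) the rules for a space-separated client list.
# Order matters: ACCEPT rules first, the catch-all DROP last.
dns_rules() {
    # Keep local lookups working: resolv.conf points at 127.0.0.1.
    for tool in iptables ip6tables; do
        for proto in udp tcp; do
            echo "$tool -A INPUT -i lo -p $proto --dport 53 -j ACCEPT"
        done
    done
    # One ACCEPT per allowed client and protocol.
    for client in $1; do
        tool=$(fw_tool "$client")
        for proto in udp tcp; do
            echo "$tool -A INPUT -p $proto -s $client --dport 53 -j ACCEPT"
        done
    done
    # Every other source gets no answer on port 53.
    for tool in iptables ip6tables; do
        for proto in udp tcp; do
            echo "$tool -A INPUT -p $proto --dport 53 -j DROP"
        done
    done
}

# Dry run: show the rules for review.
dns_rules "$ALLOWED_CLIENTS"
```

Rules are matched in order, so delete the broad rule from this step first (iptables -D INPUT -p udp --dport 53 -j ACCEPT). After reviewing the printed rules, run the script as root and pipe its output to sh to apply them.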


Results:


Conclusion:

DNSCrypt-Proxy can turn a VPS instance into a DNS server automatically. This can be a good alternative to other DNS tools like Unbound and to network managers like Adguard Home. DNSCrypt-Proxy is much simpler, with fewer features, but it is a great option on low-end servers.

Feel free to ask any question.




This is an honest review; as you can see, there are no ads or affiliate links on my blog. All reviews of servers, apps, devices and tools are original content generated by myself. There is no commercial influence on my blog content from any company or project developers. Support my website & reviews through PayPal.
