{"id":240,"date":"2025-02-07T14:08:42","date_gmt":"2025-02-07T12:08:42","guid":{"rendered":"https:\/\/nwps.fi\/wordpress\/?page_id=240"},"modified":"2026-04-06T17:15:34","modified_gmt":"2026-04-06T14:15:34","slug":"dnscrypt-en","status":"publish","type":"page","link":"https:\/\/nwps.fi\/wordpress\/dnscrypt-en\/","title":{"rendered":"DNSCrypt"},"content":{"rendered":"<script style=\"\">\n    \/\/ T\u00e4m\u00e4 vaihtaa vain teeman luokan, ei koske yksitt\u00e4isiin v\u00e4reihin\n    document.documentElement.classList.add('dark');\n    localStorage.setItem('theme', 'dark');\n<\/script>\n\n<style>\n    \/* Pakotetaan vain taustav\u00e4ri ja tekstin perusv\u00e4ri, \n       mutta ei kosketa taulukoihin tai muihin komponentteihin *\/\n    body {\n        background-color: #0a0a0a !important;\n        color: #ffffff !important;\n    }\n    \n    \/* Varmistetaan, ett\u00e4 linkit n\u00e4kyv\u00e4t *\/\n    a {\n        color: #4da6ff;\n    }\n<\/style>\n\n<p style=\"\" class=\"has-text-align-center has-small-font-size wp-block-paragraph\">[ <a href=\"https:\/\/nwps.fi\/mrtg\/dnscrypt-week.png\" data-type=\"link\" data-id=\"https:\/\/nwps.fi\/mrtg\/dnscrypt-week.png\">week<\/a> | <a href=\"https:\/\/nwps.fi\/mrtg\/dnscrypt-month.png\" data-type=\"link\" data-id=\"https:\/\/nwps.fi\/mrtg\/dnscrypt-month.png\">month<\/a> | <a href=\"https:\/\/nwps.fi\/mrtg\/dnscrypt-year.png\">year<\/a> ]<\/p>\n\n\n\n<figure style=\"\" class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/nwps.fi\/mrtg\/dnscrypt-day.png\" alt=\"\"\/><\/figure>\n\n\n\n<figure class=\"wp-block-table is-style-stripes is-style-stripes--1\" style=\"font-size:0.6rem;\"><table><tbody><tr><td>Name<\/td><td>2.dnscrypt-cert.nwps.fi<\/td><\/tr><tr><td>Location<\/td><td>Helsinki, Finland<\/td><\/tr><tr><td>Public key<\/td><td>ba8af36ed73f256114d0a06118b656baf22721e19df91e427041d84be488cfb7<\/td><\/tr><tr><td><\/td><td><strong>Caching, non-censoring, non-logging, DNSSEC-capable<\/strong><\/td><\/tr><tr><td>DNS Stamp<\/td><td>sdns:\/\/AQcAAAAAAAAAETk1LjIxNy4xMS42Mzo4NDQzILqK827XPyVhFNCgYRi2VrryJyHhnfkeQnBB2EvkiM-3FzIuZG5zY3J5cHQtY2VydC5ud3BzLmZp<\/td><\/tr><tr><td>Anonymized DNS relaying<\/td><td>sdns:\/\/gRE5NS4yMTcuMTEuNjM6ODQ0Mw<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr style=\"\" class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 style=\"\" id=\"what-is-dnscrypt\" class=\"wp-block-heading\">What is DNSCrypt?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\" style=\"\">DNSCrypt is a protocol that adds encryption and authentication to DNS queries, making web browsing more secure and private. Its purpose is to protect DNS queries, which are normally sent unencrypted, from third-party eavesdropping or modification.<\/p>\n\n\n\n<h3 style=\"\" id=\"benefits-of-dnscrypt\" class=\"wp-block-heading\">Benefits of DNSCrypt<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\" style=\"\">\u2705 <strong>Encrypted traffic<\/strong> \u2013 Prevents DNS queries from being intercepted and spied on.<br>\u2705 <strong>Data integrity<\/strong> \u2013 Ensures that DNS responses are not tampered with.<br>\u2705 <strong>Privacy<\/strong> \u2013 Hides DNS queries from ISPs and other third parties.<br>\u2705 <strong>Protection against misuse<\/strong> \u2013 Reduces the risk of DNS spoofing and MITM attacks.<\/p>\n\n\n\n<hr style=\"\" class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 style=\"\" id=\"how-to-use-dnscrypt\" class=\"wp-block-heading\">How to Use DNSCrypt<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\" style=\"\">Using DNSCrypt requires installing and configuring a DNSCrypt client. Below are setup instructions for Windows, Linux, and macOS.<\/p>\n\n\n\n<h4 style=\"\" id=\"1-windows\" class=\"wp-block-heading\"><strong>1. Windows<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\" style=\"\"><strong>Install DNSCrypt Proxy:<\/strong><\/p>\n\n\n\n<ul style=\"\" class=\"wp-block-list\">\n<li style=\"\">Download DNSCrypt Proxy and extract the files.<\/li>\n\n\n\n<li style=\"\">Configure the <code>dnscrypt-proxy.toml<\/code> file properly. Select your preferred DNS server from the resolver list (e.g., public resolvers).<\/li>\n\n\n\n<li style=\"\">Run <code>dnscrypt-proxy<\/code> as a background service or application.<\/li>\n\n\n\n<li style=\"\"><strong>Alternative:<\/strong> Use applications like <em>Simple DNSCrypt<\/em>, which offers a graphical user interface.<\/li>\n<\/ul>\n\n\n\n<h4 style=\"\" id=\"2-linux\" class=\"wp-block-heading\"><strong>2. Linux<\/strong><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\" style=\"\">Here&#8217;s a step-by-step guide to installing <strong>dnscrypt-proxy<\/strong> on <strong>Ubuntu\/Debian<\/strong> and configuring it to use only the specified <strong>DNS server<\/strong> (<code>sdns:\/\/AQc...<\/code>).<\/p>\n\n\n\n<hr style=\"\" class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 style=\"\" id=\"%25f0%259f%2593%258c-step-1-install-dnscryptproxy\" class=\"wp-block-heading\">\ud83d\udccc <strong>Step 1: Install dnscrypt-proxy<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\" style=\"\">Open a terminal and run the following commands:<\/p>\n\n\n\n<ol style=\"\" class=\"wp-block-list\">\n<li style=\"\"><strong>Update package lists:<\/strong> <code>sudo apt update<\/code><\/li>\n\n\n\n<li style=\"\"><strong>Install dnscrypt-proxy:<\/strong> <code>sudo apt install dnscrypt-proxy -y<\/code><\/li>\n<\/ol>\n\n\n\n<hr style=\"\" class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 style=\"\" id=\"%25f0%259f%2593%258c-step-2-configure-dnscryptproxy\" class=\"wp-block-heading\">\ud83d\udccc <strong>Step 2: Configure dnscrypt-proxy<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\" style=\"\">Now, let&#8217;s modify the configuration to use <strong>only<\/strong> the specified server.<\/p>\n\n\n\n<ol style=\"\" class=\"wp-block-list\">\n<li style=\"\"><strong>Open the configuration file in Nano:<\/strong> <code>sudo nano \/etc\/dnscrypt-proxy\/dnscrypt-proxy.toml<\/code><\/li>\n\n\n\n<li style=\"\"><strong>Modify the settings:<\/strong>\n<ul style=\"\" class=\"wp-block-list\">\n<li style=\"\">Find the line that starts with <code>server_names<\/code> and <strong>comment it out<\/strong> or leave it empty: <code># server_names = []<\/code><\/li>\n\n\n\n<li style=\"\">Add a <strong>static server configuration<\/strong>: <code>[static.\"nwps\"] stamp = \"sdns:\/\/AQcAAAAAAAAAETk1LjIxNy4xMS42Mzo4NDQzILqK827XPyVhFNCgYRi2VrryJyHhnfkeQnBB2EvkiM-3FzIuZG5zY3J5cHQtY2VydC5ud3BzLmZp\"<\/code><\/li>\n\n\n\n<li style=\"\">Force dnscrypt-proxy to <strong>use only<\/strong> this server: <code>server_names = [\"nwps\"]<\/code><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li style=\"\"><strong>Save and exit:<\/strong>\n<ul style=\"\" class=\"wp-block-list\">\n<li style=\"\">Press <code>CTRL + X<\/code>, then <code>Y<\/code>, and hit <code>Enter<\/code>.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<hr style=\"\" class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 style=\"\" id=\"%25f0%259f%2593%258c-step-3-restart-and-enable-the-service\" class=\"wp-block-heading\">\ud83d\udccc <strong>Step 3: Restart and Enable the Service<\/strong><\/h2>\n\n\n\n<ol style=\"\" class=\"wp-block-list\">\n<li style=\"\"><strong>Restart dnscrypt-proxy:<\/strong> <code>sudo systemctl restart dnscrypt-proxy<\/code><\/li>\n\n\n\n<li style=\"\"><strong>Enable dnscrypt-proxy to start on boot:<\/strong> <code>sudo systemctl enable dnscrypt-proxy<\/code><\/li>\n\n\n\n<li style=\"\"><strong>Check service status:<\/strong> <code>sudo systemctl status dnscrypt-proxy<\/code> You should see something like: <code>Active: active (running)<\/code><\/li>\n<\/ol>\n\n\n\n<hr style=\"\" class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 style=\"\" id=\"%25f0%259f%2593%258c-step-4-configure-your-system-to-use-dnscryptproxy\" class=\"wp-block-heading\">\ud83d\udccc <strong>Step 4: Configure Your System to Use dnscrypt-proxy<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\" style=\"\">By default, <code>dnscrypt-proxy<\/code> listens on <code>127.0.2.1:53<\/code>. To make your system use it:<\/p>\n\n\n\n<ol style=\"\" class=\"wp-block-list\">\n<li style=\"\"><strong>Edit resolv.conf (temporary change):<\/strong> <code>sudo nano \/etc\/resolv.conf<\/code> Replace existing <code>nameserver<\/code> lines with: <code>nameserver 127.0.2.1<\/code><\/li>\n\n\n\n<li style=\"\"><strong>Prevent systemd-resolved from overwriting the settings (for persistent change):<\/strong> <code>sudo systemctl disable --now systemd-resolved ; sudo rm -f \/etc\/resolv.conf ; echo \"nameserver 127.0.2.1\" | sudo tee \/etc\/resolv.conf<\/code><\/li>\n<\/ol>\n\n\n\n<hr style=\"\" class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 style=\"\" id=\"%25f0%259f%2593%258c-step-5-test-the-dns-configuration\" class=\"wp-block-heading\">\ud83d\udccc <strong>Step 5: Test the DNS Configuration<\/strong><\/h2>\n\n\n\n<ol style=\"\" class=\"wp-block-list\">\n<li style=\"\"><strong>Check if your system is using dnscrypt-proxy:<\/strong> <code>dig @127.0.2.1 example.com<\/code> You should see a valid response.<\/li>\n\n\n\n<li style=\"\"><strong>Verify the DNS server:<\/strong> <code>dnscrypt-proxy -resolve example.com<\/code> The output should show that it is resolving queries via your configured server (<code>95.217.11.63:8443<\/code>).<\/li>\n<\/ol>\n\n\n\n<hr style=\"\" class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 style=\"\" id=\"%25e2%259c%2585-done\" class=\"wp-block-heading\">\u2705 <strong>Done!<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\" style=\"\">Your system is now using <strong>dnscrypt-proxy<\/strong> with only the specified secure DNS server. \ud83d\ude80<\/p>\n\n\n\n<h4 style=\"\" id=\"3-macos\" class=\"wp-block-heading\"><strong>3. macOS<\/strong><\/h4>\n\n\n\n<ul style=\"\" class=\"wp-block-list\">\n<li style=\"\">Use an app like <em>DNSCrypt Menubar<\/em>, which is easy to install and use.<\/li>\n\n\n\n<li style=\"\">Alternatively, install DNSCrypt Proxy and configure it manually.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\" style=\"\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[ week | month | year ] Name 2.dnscrypt-cert.nwps.fi Location Helsinki, Finland Public key ba8af36ed73f256114d0a06118b656baf22721e19df91e427041d84be488cfb7 Caching, non-censoring, non-logging, DNSSEC-capable DNS Stamp sdns:\/\/AQcAAAAAAAAAETk1LjIxNy4xMS42Mzo4NDQzILqK827XPyVhFNCgYRi2VrryJyHhnfkeQnBB2EvkiM-3FzIuZG5zY3J5cHQtY2VydC5ud3BzLmZp Anonymized DNS relaying sdns:\/\/gRE5NS4yMTcuMTEuNjM6ODQ0Mw What is DNSCrypt? DNSCrypt is a protocol that adds encryption and authentication to DNS queries, making web browsing more secure and private. Its purpose is to protect DNS queries, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"footnotes":""},"class_list":["post-240","page","type-page","status-publish","hentry"],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/nwps.fi\/wordpress\/wp-json\/wp\/v2\/pages\/240","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nwps.fi\/wordpress\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/nwps.fi\/wordpress\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/nwps.fi\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nwps.fi\/wordpress\/wp-json\/wp\/v2\/comments?post=240"}],"version-history":[{"count":7,"href":"https:\/\/nwps.fi\/wordpress\/wp-json\/wp\/v2\/pages\/240\/revisions"}],"predecessor-version":[{"id":600,"href":"https:\/\/nwps.fi\/wordpress\/wp-json\/wp\/v2\/pages\/240\/revisions\/600"}],"wp:attachment":[{"href":"https:\/\/nwps.fi\/wordpress\/wp-json\/wp\/v2\/media?parent=240"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}