@ndlrx
Last active March 19, 2023 17:43
Install dnscrypt-proxy on Archlinux or Manjaro

Step 1 - Install and Configure dnscrypt-proxy

sudo su
pacman -S dnscrypt-proxy
cd /etc/dnscrypt-proxy/
vim dnscrypt-proxy.toml
  • Choose DNS resolvers from the public resolver list

https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md

server_names = ['scaleway-fr', 'soltysiak', 'cloudflare', 'doh-blahdns-de']
  • Configure the listen addresses on port 53000
listen_addresses = ['127.0.0.1:53000', '[::1]:53000']
  • Enable the DNS cache
cache = true
  • Start the service and enable it at boot
systemctl start dnscrypt-proxy
systemctl enable dnscrypt-proxy

Step 2 - Install and Configure Dnsmasq

pacman -S dnsmasq
vim /etc/dnsmasq.conf
  • Configure Dnsmasq
no-resolv
server=::1#53000
server=127.0.0.1#53000
listen-address=::1,127.0.0.1
  • DNSSEC Validation
conf-file=/usr/share/dnsmasq/trust-anchors.conf
dnssec
  • Start the service and enable it at boot
systemctl start dnsmasq
systemctl enable dnsmasq

Step 3 - Edit resolv.conf

vim /etc/resolv.conf
  • Change resolver to local Dnsmasq
nameserver ::1
nameserver 127.0.0.1
options edns0 single-request-reopen

Step 4 - Checking the Result

https://www.dnsleaktest.com/

Additional:

Make /etc/resolv.conf permanent by setting the immutable attribute, so that nothing can overwrite it:

chattr +i /etc/resolv.conf

📝 with ♥️ by ndlr
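
Before the online leak test in Step 4, the three files can be checked against each other offline. The script below is an added example, not part of the original gist: its function names (`dnscrypt_listeners`, `dnsmasq_upstreams`, `has_option`, `check_chain`, `write_sample`) are hypothetical, and the sample files are constructed from the settings shown in Steps 1 to 3.

```shell
#!/bin/sh
# Added example (not from the gist): static check of dnscrypt-proxy -> dnsmasq -> resolv.conf.
# Both configs are normalised to host:port so '[::1]:53000' and '::1#53000' compare equal.
dnscrypt_listeners() {   # $1 = dnscrypt-proxy.toml
    grep -E '^[[:space:]]*listen_addresses[[:space:]]*=' "$1" |
        grep -oE "'[^']+'" | sed "s/[]'[]//g"
}
dnsmasq_upstreams() {    # $1 = dnsmasq.conf
    sed -nE 's/^[[:space:]]*server=([^#[:space:]]+)#([0-9]+).*/\1:\2/p' "$1"
}
has_option() {           # $1 = file, $2 = regex matched at the start of an uncommented line
    grep -Eq "^[[:space:]]*$2" "$1"
}
# Prints one line per problem; returns 0 only when the chain is consistent.
check_chain() {          # $1 = dnscrypt-proxy.toml, $2 = dnsmasq.conf, $3 = resolv.conf
    problems=0
    upstreams=$(dnsmasq_upstreams "$2")
    [ -n "$upstreams" ] || { echo "dnsmasq: no server=host#port upstream"; problems=1; }
    for up in $upstreams; do
        dnscrypt_listeners "$1" | grep -qxF "$up" ||
            { echo "dnsmasq: upstream $up is not a dnscrypt-proxy listener"; problems=1; }
    done
    has_option "$2" 'no-resolv' ||
        { echo "dnsmasq: no-resolv missing, upstreams would also be read from resolv.conf"; problems=1; }
    if has_option "$2" 'dnssec[[:space:]]*$' &&
       ! has_option "$2" '(conf-file=.*trust-anchors|trust-anchor=)'; then
        echo "dnsmasq: dnssec enabled without trust anchors"; problems=1
    fi
    for ns in $(sed -nE 's/^[[:space:]]*nameserver[[:space:]]+([^[:space:]]+).*/\1/p' "$3"); do
        case $ns in
            127.0.0.1|::1) ;;   # only the local dnsmasq is allowed
            *) echo "resolv.conf: nameserver $ns bypasses the local dnsmasq"; problems=1 ;;
        esac
    done
    return "$problems"
}
# Constructed sample files holding the settings from this gist.
write_sample() {         # $1 = directory
    printf '%s\n' "listen_addresses = ['127.0.0.1:53000', '[::1]:53000']" > "$1/dnscrypt-proxy.toml"
    printf '%s\n' no-resolv 'server=::1#53000' 'server=127.0.0.1#53000' \
        'conf-file=/usr/share/dnsmasq/trust-anchors.conf' dnssec > "$1/dnsmasq.conf"
    printf '%s\n' 'nameserver ::1' 'nameserver 127.0.0.1' > "$1/resolv.conf"
}
d=$(mktemp -d); write_sample "$d"
check_chain "$d/dnscrypt-proxy.toml" "$d/dnsmasq.conf" "$d/resolv.conf" && echo "chain OK"
```

On a real system, pass `/etc/dnscrypt-proxy/dnscrypt-proxy.toml`, `/etc/dnsmasq.conf` and `/etc/resolv.conf` to `check_chain` instead of the sample files.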

@hnharejin

It was a little tortuous, but it worked finally! Thank you for sharing!

I disabled DNSSEC because alidns-doh or cloudflare may not support it. I am not sure about that.

insecure ds reply received for org, check domain configuration and upstream dns server dnssec support

@abnt713

abnt713 commented Jan 4, 2022

Thank you very much for this guide

@smzm

smzm commented Sep 7, 2022

How to check that dnsmasq works:

  1. Install the bind package: sudo pacman -S bind
  2. dig google.com ---> Check the query time. It should be something like: 150msec
  3. Type google.com again ---> Check the query time. It should be zero: 0msec

@dyrer

dyrer commented Mar 19, 2023

Should I enable cache on dnsmasq??
