Step 1 - Install and Configure dnscrypt-proxy
sudo su
pacman -S dnscrypt-proxy
cd /etc/dnscrypt-proxy/
vim dnscrypt-proxy.toml
- Choose dns resolver
https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md
server_names = ['scaleway-fr', 'soltysiak', 'cloudflare', 'doh-blahdns-de']
- Configure Liste address on port 53000
listen_addresses = ['127.0.0.1:53000', '[::1]:53000']
- Enable dns cache
cache = true
- Start service and add it ot the boot time
systemctl start dnscrypt-proxy
systemctl enable dnscrypt-proxy
Step 2 - Install and Configure Dnsmasq
pacman -S dnsmasq
vim /etc/dnsmasq.conf
- Configure Dnsmasq
no-resolv
server=::1#53000
server=127.0.0.1#53000
listen-address=::1,127.0.0.1
- DNSSEC Validation
conf-file=/usr/share/dnsmasq/trust-anchors.conf
dnssec
- Start service and add it to the boot time
systemctl start dnsmasq
systemctl enable dnsmasq
Step 3 - Edit resolv.conf
vim /etc/resolv.conf
- Change resolver to local Dnsmasq
nameserver ::1
nameserver 127.0.0.1
options edns0 single-request-reopen
Step 4 - Checking the Result
Additional:
permanent /etc/resolv.conf file
chattr +i /etc/resolv.conf
📝 with
It was a little tortuous, but it worked finally! Thank you for sharing!
I disabled DNSSEC because alidns-doh or cloudflare may not support it. I am not sure that.