Did you get it to work? Because I've been trying, but every time I stop and disable systemd-resolved (so only dnscrypt-proxy is listening on port 53), it won't resolve URLs.
I've got a long record of everything I did (see below). I even edited the .toml file so it was identical to the settings I had when I was running Simple DNSCrypt under Windows, and I edited resolv.conf to reflect the different listening IP address, and NetworkManager.conf (hoping that I could replace dns=dnsmasq with dns=dnscrypt-proxy)... all no joy.
I ended up purging dnscrypt and reenabling and restarting systemd-resolved, whereupon DNS resolution started working again.
Here's what I did:
First, we want to make sure everything is up to date, so we issue the command:
sudo apt update
... and if anything needs updating, we issue the command:
sudo apt upgrade
Then we can fetch DNSCrypt (latest version: 2.0.31) by issuing the command:
sudo apt install dnscrypt-proxy
We need to know if anything is listening on port 53, so we issue the command:
ss -lp 'sport = :domain'
You should see output like this:
Netid  State   Recv-Q  Send-Q  Local Address:Port    Peer Address:Port  Process
udp    UNCONN  0       0       127.0.2.1:domain      0.0.0.0:*
udp    UNCONN  0       0       127.0.0.53%lo:domain  0.0.0.0:*
tcp    LISTEN  0       4096    127.0.2.1:domain      0.0.0.0:*
tcp    LISTEN  0       4096    127.0.0.53%lo:domain  0.0.0.0:*
Now issue the commands:
systemctl stop systemd-resolved
systemctl disable systemd-resolved
And just to be sure that only DNSCrypt is now listening on port 53, issue the command again:
ss -lp 'sport = :domain'
You should see output like this:
Netid  State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
udp    UNCONN  0       0       127.0.2.1:domain    0.0.0.0:*
tcp    LISTEN  0       4096    127.0.2.1:domain    0.0.0.0:*
Now we need to configure the .toml configuration file. The easiest way of doing that is to start gedit as root:
sudo gedit
Then open the file at /usr/share/doc/dnscrypt-proxy/examples/example-dnscrypt-proxy.toml, edit it, then save it to /etc/dnscrypt-proxy/dnscrypt-proxy.toml (NOTE THE CHANGE IN FILE NAME). This gives you the chance to edit the file to your liking before saving it.
In that file, I changed:
listen_addresses = ['127.0.0.1:53', '[::1]:53']
to:
listen_addresses = []
Note: I first tried this with 127.0.0.1:53... apparently making this blank is required because it installs systemd sockets instead of standard sockets. Alternatively, you can disable systemd sockets and keep the listen_addresses entries:
https://github.com/DNSCrypt/dnscrypt-proxy/wiki/systemd#disable-systemd-socket-activation
and:
force_tcp = false
to:
force_tcp = true
and...
# log_level = 2
to:
log_level = 6
and...
# dnscrypt_ephemeral_keys = false
to:
dnscrypt_ephemeral_keys = true
and...
# tls_disable_session_tickets = false
to:
tls_disable_session_tickets = true
and...
ignore_system_dns = false
to:
ignore_system_dns = true
and (because I'm on an IPv4 network)...
block_ipv6 = false
to:
block_ipv6 = true
... and I uncommented:
lb_strategy = 'p2'
lb_estimator = true
use_syslog = true
Then issue the commands:
systemctl enable dnscrypt-proxy
systemctl start dnscrypt-proxy
Now we have to connect DNSCrypt to Network Manager:
sudo gedit
Open /etc/NetworkManager/NetworkManager.conf
... and change:
[main]
plugins=ifupdown,keyfile
to:
[main]
plugins=ifupdown,keyfile
dns=dnscrypt-proxy
... then save that file.
Then we have to change the system DNS settings. Issue the command:
sudo gedit
... and open the file /etc/resolv.conf, and save it as /etc/resolv.conf.backup
Then go back and reopen /etc/resolv.conf and edit it so it shows the following:
nameserver 127.0.0.1
options edns0 trust-ad
... and save that file.
Then we need to set up dnscrypt-proxy as a system service.
In Terminal, type:
cd /etc/dnscrypt-proxy
dnscrypt-proxy -service install
dnscrypt-proxy -service start
In your Network Settings, change DNS server from 'Automatic' to '127.0.0.2'.
Then issue the command:
sudo systemctl restart NetworkManager.service
Then reboot your computer.
If you decide that DNSCrypt isn't for you, you can remove it by issuing:
dnscrypt-proxy -service stop
sudo apt purge dnscrypt-proxy
systemctl enable systemd-resolved
systemctl start systemd-resolved
Can anyone see what I'm doing wrong?
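A check for the setup described in the post, as an added example that is not part of the original post: it compares the addresses `ss` shows listening on the DNS port with the `nameserver` entries in resolv.conf and prints any loopback nameserver that has no listener. The function names are hypothetical; the sample input is the second `ss` output and the resolv.conf content quoted in the post.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): list loopback nameservers in
# resolv.conf that nothing is listening on. Function names are hypothetical.

# Unique local addresses from `ss -l 'sport = :domain'` output on stdin.
listen_addrs() {
    awk '$1 == "udp" || $1 == "tcp" {
        addr = $5
        sub(/:[^:]*$/, "", addr)    # drop the trailing :port (":domain" or ":53")
        sub(/%.*$/, "", addr)       # drop an interface suffix such as "%lo"
        gsub(/\[|\]/, "", addr)     # drop IPv6 brackets
        print addr
    }' | sort -u
}

# unanswered_nameservers SS_OUTPUT RESOLV_CONF_TEXT
unanswered_nameservers() {
    local listeners ns any
    listeners=$(printf '%s\n' "$1" | listen_addrs)
    printf '%s\n' "$2" | awk '$1 == "nameserver" { print $2 }' |
    while read -r ns; do
        case "$ns" in
            127.*) any='0.0.0.0' ;;   # IPv4 wildcard listener also serves 127/8
            ::1)   any='::' ;;        # IPv6 wildcard listener also serves ::1
            *)     continue ;;        # remote resolver: no local listener expected
        esac
        if ! printf '%s\n' "$listeners" | grep -qxF -e "$ns" -e "$any" -e '*'; then
            printf '%s\n' "$ns"
        fi
    done
}

# Sample input taken from the post: the second ss output and the edited resolv.conf.
SS_SAMPLE='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 127.0.2.1:domain 0.0.0.0:*
tcp LISTEN 0 4096 127.0.2.1:domain 0.0.0.0:*'
RESOLV_SAMPLE='nameserver 127.0.0.1
options edns0 trust-ad'

unanswered_nameservers "$SS_SAMPLE" "$RESOLV_SAMPLE"   # prints 127.0.0.1
```

On a live system, pass `"$(ss -l 'sport = :domain')"` and `"$(cat /etc/resolv.conf)"` as the two arguments.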