What is the most secure way to do DNS encryption?

Thanks for the tip. I can handle it slowing down a bit; I'm sure it's better than Tor for my threat model. I've seen load balancing mentioned somewhere, and even distribution of DNS requests to all providers, but when I was reading the documentation it seemed that dnscrypt would just choose the fastest DNS provider.

Take your time and read and then re-read the .toml. It’s your best documentation. FWIW, don’t make mass changes until you get a feel for it. It’s easier to revert single steps

1 Like

Ya, that was my original mistake :) Now I'll do one at a time; there are a lot of options that appear to affect privacy and security.

1 Like

I had dnscrypt-proxy2 running on my OpenWrt 22.03 for a while, works pretty well. The setup is simple, just edit the default /etc/dnscrypt-proxy2/dnscrypt-proxy.toml file, modify the server_names line to:

server_names = ['quad9-dnscrypt-ip4-filter-pri', 'quad9-doh-ip6-port443-filter-pri']

and listen_addresses line to:

listen_addresses = ['127.0.0.53:53', '[::1]:5353']

Then set your dnsmasq upstream to match the listen addresses above. (You can use IPv4 if you don't use IPv6, or use a different loopback IP/port; it's up to you.)

1 Like
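
A check for the last step in the post above (pointing dnsmasq at the proxy's listen addresses), added here as an example and not part of the original post. It assumes OpenWrt's `/etc/config/dhcp` syntax (`list server`, `option noresolv`); the function names are hypothetical and both sample configs are constructed.

```python
import ast
import re

def listen_addresses(toml_text):
    """Read listen_addresses from dnscrypt-proxy.toml (single-line array, as in the post)."""
    m = re.search(r"^\s*listen_addresses\s*=\s*(\[.*\])\s*$", toml_text, re.M)
    return ast.literal_eval(m.group(1)) if m else []

def to_dnsmasq(addr):
    """Convert 'host:port' / '[v6]:port' to dnsmasq's 'host#port' form."""
    host, _, port = addr.rpartition(":")
    return f"{host.strip('[]')}#{port}"

def audit(toml_text, dhcp_text):
    """List ways dnsmasq could still resolve names outside dnscrypt-proxy."""
    expected = {to_dnsmasq(a) for a in listen_addresses(toml_text)}
    servers = set(re.findall(r"^\s*list\s+server\s+['\"]?([^'\"\s]+)", dhcp_text, re.M))
    noresolv = re.search(r"^\s*option\s+noresolv\s+['\"]?1\b", dhcp_text, re.M)
    findings = []
    if not servers & expected:
        findings.append("no upstream points at dnscrypt-proxy")
    for s in sorted(servers - expected):
        findings.append(f"upstream {s} bypasses dnscrypt-proxy")
    if noresolv is None:
        # Without noresolv, dnsmasq also forwards to the resolvers learned from WAN.
        findings.append("noresolv not set: WAN-supplied resolvers are still used")
    return findings

# Constructed sample inputs (not taken from a real router).
TOML = """
server_names = ['quad9-dnscrypt-ip4-filter-pri', 'quad9-doh-ip6-port443-filter-pri']
listen_addresses = ['127.0.0.53:53', '[::1]:5353']
"""
DHCP_GOOD = """
config dnsmasq
	option noresolv '1'
	list server '127.0.0.53#53'
	list server '::1#5353'
"""
DHCP_LEAKY = """
config dnsmasq
	list server '127.0.0.53#53'
	list server '192.0.2.53'
"""

if __name__ == "__main__":
    for name, cfg in (("good", DHCP_GOOD), ("leaky", DHCP_LEAKY)):
        print(name, audit(TOML, cfg) or "OK")
```

An empty result means every configured upstream is one of the proxy's listeners; any finding is a path by which queries can leave the router unencrypted.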

So you can close this thread with the best solution