Help with dnscrypt-proxy

linuxuser1 · August 10, 2025, 8:35am

I installed dnscrypt-proxy in the fedora 42 template. Do I need to change dns in the template so that appvms retain the changes? Or do I need to run dnscrypt-proxy in the appvms? If latter, please help me how to do it. I understand that I need to edit sudo nano /rw/config/rc.local

If I need to change dns in template, do I just need to disable systemd-resolver and add the address 127.0.2.1 to resolv.conf?

linuxuser1 · August 10, 2025, 12:07pm

I thought I should add this to sudo nano /rw/config/rc.local

systemctl stop systemd-resolved
systemctl disable systemd-resolved
echo "nameserver 127.0.2.1"  | tee /etc/resolv.conf
systemctl restart dnscrypt-proxy

but it didn’t work

Tezeria · August 10, 2025, 12:52pm

Look at this tutorial of @qubist :

And this one to configure sys-dns and sys-wall to change nftable instead of iptable:

It’s what i use

linuxuser1 · August 10, 2025, 1:55pm

Hi, Tezeria!
Will it work for fedora 42? What fedora version do you have now?

Tezeria · August 10, 2025, 1:59pm

I’m still on fedora 41 so I can’t tell you.

linuxuser1 · August 10, 2025, 2:08pm

Okay. Thank you I will try it tomorrow on fedora 42 and write result.
@qubist are you using fedora 42 for dnscrypt-proxy right now or fedora 41 too?

qubist · August 12, 2025, 4:50pm

@qubist are you using fedora 42 for dnscrypt-proxy right now or fedora 41 too?

I have stopped using Fedora templates a fairly long time ago. I use only Debian now. I am not using DNSCrypt currently. I have been preparing a guide for Debian (using a better approach) but unfortunately I am overwhelmed with all kinds of problems, so I am still not ready with it. I hope you have the patience.

@Tezeria - glad to see you around!

Tezeria · August 12, 2025, 5:07pm

For sure

Do you use something else?

linuxuser1 · August 12, 2025, 5:27pm

Of course! Your guides and tools are really awesome! Thank you for your work for the Qubes community!

Tezeria · August 12, 2025, 5:38pm

So it work with fedora-minimal-42 ?

linuxuser1 · August 13, 2025, 8:35am

I haven’t done it yet. I was busy setting up the second sys-vpn, then I tested dom0-live in btrfs. Now I’m waiting for qubist post about dnscrypt-proxy. For now, I’ve only added dns-over-tls to some appVms

/rw/config/rc.local

systemd-resolve --set-dns=9.9.9.9 --set-dnsovertls=yes --interface=eth0
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
systemctl restart systemd-resolved

qubist · August 14, 2025, 5:31pm

Do you use something else?

https://dns.watch/ for the small amount of clearnet. However, I dare to say their “Optimized for maximum speed” boasting is far from true, at least for me

Tezeria · August 15, 2025, 11:55am

Ok, so i’ll stay with dsncrypt! lol