An init script and configuration file have been provided to run dnscrypt-proxy as a daemon. To configure dnscrypt-proxy, edit: /etc/dnscrypt-proxy/dnscrypt-proxy.toml Remember to chmod +x /etc/rc.d/rc.dnscrypt-proxy before starting. By default dnscrypt-proxy will use a random DNS server, i have hardcoded some anonymizing relays to bounce the DNS querries around for increased privacy. Built in local caching is also enabled by default. The proxy will run on localhost 127.0.0.1 and ::1 port 53. If ipv6 is not required or available, it can be disabled in the config. The configuration file is setup to use a 'dnscrypt' user by default. In order to use the default configuration you should create a 'dnscrypt' user and group with the following commands: groupadd -g 293 dnscrypt useradd -u 293 -g 293 -c "DNSCrypt" -d /run/dnscrypt -s /bin/false dnscrypt If you decide to use another user you should edit the user_name setting in: /etc/dnscrypt-proxy/dnscrypt-proxy.toml In order to send all DNS requests through dnscrypt-proxy, you will need to update /etc/resolv.conf to point to localhost. If using dhcpcd, the easiest way to set dnscrypt-proxy as the primary (but not exclusive) dns resolver is to create file /etc/resolv.conf.head with the following line: nameserver 127.0.0.1 You may also have to add the following line to enable EDNS: options edns0 It is also recommended to make the resolv.conf file immutable by issuing: chattr +i /etc/resolv.conf To prevent the settings from being reset by dhcp or any other service. To start dnscrypt-proxy automatically at system start, add the following to: /etc/rc.d/rc.local: if [ -x /etc/rc.d/rc.dnscrypt-proxy ]; then /etc/rc.d/rc.dnscrypt-proxy start fi To properly stop dnscrypt-proxy on system shutdown, add the following to: /etc/rc.d/rc.local_shutdown: if [ -x /etc/rc.d/rc.dnscrypt-proxy ]; then /etc/rc.d/rc.dnscrypt-proxy stop fi