Many tutorials we found on internet talk about DNSCrypt but no one talks about Ubuntu 15.04. As you know, Ubuntu 15.04 brings big changes named systemd (replaced upstart as init system). So, installing DNSCrypt on 12.04 will be different with 15.04. I try to write an article about it. In short, DNSCrypt will encrypt our DNS request so our connection will be secure from DNS hijacking or any of such security attack. We will install DNSCrypt via PPA from Pascal Mons because some days ago he uploaded the Vivid packages for DNSCypt. Thanks for Pascal Mons.



  1. Install DNSCrypt (from PPA).
  2. Start DNSCrypt process.
  3. Set DNS.
  4. Restart systemD Network.Manager service.
  5. Check Your DNS
  6. Create A systemD Service.

1. Install DNSCrypt 

Use these commands to install a new repository and install package dnscrypt-proxy on your Ubuntu 15.04.
sudo add-apt-repository ppa:anton+/dnscrypt
sudo apt-get update
sudo apt-get install dnscrypt-proxy
Its PPA address is

2. Start DNSCrypt 

sudo dnscrypt-proxy -R opendns -a -u dnscrypt
Explanation - This command will start dnscrypt-proxy program with OpenDNS DNS service (yes, you may select another DNS), start it on address at port 53, and run it as dnscrypt user (this user is created when you install it from PPA). It will not automatically start DNSCrypt at booting.

3. Set Your DNS To

First Option - Use your Network Manager GUI, change your DHCP settings. Make sure you make it uses See picture below.

Second Option - Edit your /etc/resolv.conf file so it has nameserver line. See picture below.

Third Option - there are some way more to change system DNS. You may use your own way.
Explanation - You have started dnscrypt on address so you must "force" your system to use DNS to connect to internet.

4. Restart The systemD Network Manager Service

sudo systemctl restart NetworkManager.service
Explanation - This is systemd command to restart Network Manager service. You should type correct case for every character.

5. Check Your DNS

First Option - Visit If you have changed your DNS correctly to OpenDNS (because of DNSCrypt), then the page will tell that you are using OpenDNS. If not, the page will say you are not using OpenDNS. It is the easiest way. See picture below.

Second Option - Visit If you are using OpenDNS, then that page will show you OpenDNS warning for phising site. If you are not, then you will see a text saying internetbadguys is only a demo site. See picture below.

Third Option - Use command sudo tcpdump -i wlan0 and see the outputs. If you see output like then it means your OpenDNS (via DNSCrypt) works. Change the wlan0 parameter with your current network interface. Again, you may change your DNS outside OpenDNS.

6. Create A systemD Service for DNSCrypt

First - Create a file named dnscrypt.service (the name will be the command) in /etc/systemd/system. To do it, use Gedit with command sudo gedit /etc/systemd/system/dnscrypt.service. You may use vi or nano too.

Second - Fill that file with these lines of code. This is dnscrypt configuration for Ubuntu systemd. See the picture.

Description=DNS Encryption Tool from OpenDNS

ExecStart=/usr/sbin/dnscrypt-proxy -R opendns -a -u dnscrypt 
ExecReload=/bin/kill -HUP $MAINPID

Third - After editing one system service, you should reload systemd. The command is sudo systemctl daemon-reload.

Fourth - Test it. If it is correct, you must able to start it now by command sudo systemctl start dnscrypt.service (when no another dnscrypt started). Look for the running process with ps aux | grep dns command. See picture below.

sudo systemctl start dnscrypt service
ps aux | grep dns

Fifth - If you configure correctly, dnscrypt will always run when you start your Ubuntu. No need to type any command every you want to connect.


, , , ,