Skip to content

How to compile and install DNScrypt (dnscrypt-proxy) on OpenSUSE

Update (2018-02-03): DNSCrypt has been discontinued (and their site is already own :/ ). But it seems that this DNSCrypt 2 project will continue development. Also this DNS Privacy Project contains interesting information (not needed to just use DNScrypt, though).

DNScrypt is a tool that allows you to send your DNS queries to something else than your ISP’s DNS servers, while also encrypting those DNS requests to prevent snooping. I’m not sure how useful it is if you’re using a VPN, but I’m more of an SSH tunnel guy and as far as I saw, about every program except Firefox (when configured properly) will still perform its DNS requests in the wild instead of via the SSH tunnel, which is kind of retarded as it defeats the purpose of the tunnel… So that’s where DNScrypt comes in handy.

I found it quite trivial to use on Windows (except that setting a custom DNS server doesn’t seem to work – on a side note, this test page is great to check whether or not you are currently using OpenDNS as your DNS server), but on OpenSUSE it’s quite tougher to set up, as you’ll have to compile it yourself. Still, with the instructions it should be easy enough (plus in the end it works better than on Windows ;))

First, install some required stuff (may be more or less depending on what is already installed on your system – if more is required, the output on ./configure should
be most helpful in finding out the missing dependency):

zypper in gcc
zypper in -t pattern devel_C_C++

Then, download and install latest libsodium (it’s a dependency for which OpenSUSE doesn’t provide packages either):

tar xf libsodium-0.4.5.tar.gz
make && make install

Then you need to run ldconfig (just type ldconfig in the console). I have no idea of what it does, but if you don’t do it the ./configure for dnscrypt-proxy will most likely fail with a message like:

configure: error: cannot run C compiled programs.
If you meant to cross compile, use `--host'.
See `config.log' for more details
configure: error: ./configure failed for src/libevent-modified

Finally, download and install the latest dnscrypt-proxy:

tar xf dnscrypt-proxy-1.3.3.tar.bz2
make && make install

That’s it, you can already run it in console using:


However, by default, it will use OpenDNS servers. And OpenDNS is actually all but open, so you may want to switch to a more neutral provider. At list of providers can be found on To use a specific provider you’ll simply have to add some more parameters to the call, like:

dnscrypt-proxy --resolver-address= --provider-key=25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21

Last but not least, you must now configure your connection to use as DNS resolver. In OpenSUSE, this is done via network connection management: for each connection, click “Edit”, then in the IPv4 Address tab, configure method to “Automatic (DHCP) addresses only“, and then set DNS servers to You may want to set DNS servers to ::1 in the IPv6 Address tab, but I didn’t try that since my ISP doesn’t support IPv6 yet.

And now that’s really it: you should be using DNScrypt. To make sure you are, you can stop dnscrypt-proxy and see that when it’s stopped you can’t access websites (NB: try this on websites that you didn’t visit very recently, otherwise their DNS records may be cached by your browser or by the system).

Of course, this isn’t a very convenient setup so far, and you may want to look up how to configure this as a daemon automatically launched at boot time. I give here brief instructions, if you need more details see

nano /etc/init.d/after.local

at the end, add:

exec /usr/local/sbin/dnscrypt-proxy --daemonize --pidfile=/run/ --resolver-address= --provider-key=25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21

I’m not sure how necessary the PID file is, but I preferred not to try to mess up with it. Now your setup is complete: your DNS requests are encrypted, sent via DNScrypt to a DNS server different from OpenDNS (or not), and that setup is automatically loaded at start-up. Enjoy 🙂

Posted in cryptography, Internet, Linux, privacy.

0 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

Some HTML is OK

or, reply to this post via trackback.

Sorry about the CAPTCHA that requires JS. If you really don't want to enable JS and still want to comment, you can send me your comment via e-mail and I'll post it for you.

Please solve the CAPTCHA below in order to fight spamWordPress CAPTCHA