How to Encrypt DNS Traffic in Windows with DNSCrypt

DNS requests or queries are often the weakest link in the network chain, as they are completely unencrypted even when you are using HTTPS or a VPN service to secure your Internet communication. This unprotected DNS traffic leaves ample opportunity for attacks such as man-in-the-middle, DNS snooping, and traffic hijacking.

To solve this problem, OpenDNS released DNSCrypt, which adds an extra layer of security by encrypting your DNS queries on the local network, essentially blocking any DNS leaks. Here is how to configure your Windows machine to use DNSCrypt to encrypt DNS queries.

1. As technical as it sounds, configuring DNSCrypt on a Windows machine is really easy. First, head to the official website and download the DNSCrypt Proxy ZIP package for Windows.


2. Once downloaded, extract the folder inside the package into your C drive or any other drive for that matter. After extracting, rename the folder to “dnscrypt.” That way it will be easy to navigate in the command prompt.


3. Now open the command prompt with elevated privileges. To do that, press “Win + X” and select the option “Command Prompt (Admin).” If you are using Windows 7 or Vista, simply search for Command Prompt in the Start menu, right-click on it and select the option “Run as Administrator.”


4. Once the Command Prompt has been opened, navigate to the “bin” folder inside the extracted “dnscrypt” folder in your C drive using the command below. If you have placed the folder elsewhere, modify the command accordingly.



5. Before installing DNSCrypt, you need to test the server key fingerprint of the DNS resolver we are going to use. In my case, I’m going to test OpenDNS. To perform the test, enter the command below and execute it. Again, change the directory path if you have placed your folder elsewhere.

dnscrypt-proxy.exe --resolver-name=opendns --resolvers-list="c:\dnscrypt\bin\dnscrypt-resolvers.csv" --test=0


6. Once you execute the above command, you should receive a response similar to the image below regarding the server key fingerprint. If not, try other compatible DNS providers from the included CSV file.


7. To install the DNSCrypt service on your Windows machine, enter the command below.

dnscrypt-proxy.exe --resolver-name=opendns --resolvers-list="c:\dnscrypt\bin\dnscrypt-resolvers.csv" --install


8. Once executed, you will receive a confirmation message along with info on the registry key used and the DNS resolver settings you must change.


9. To change the DNS settings, press “Win + X” and select the option “Network Connections” to open the Network Connections window. If you are using Windows 7 or Vista, you can access the same via the Network and Sharing Center.


10. Right click on your network adapter and select the option “Properties.”


11. In the properties window, scroll down, select “Internet Protocol Version 4 (TCP/IPv4)” and click on the “Properties” button.


12. Select the radio button “Use the following DNS server addresses” and enter the localhost address as your preferred DNS. Once you are done, click on the “OK” button to save the changes.


Now, if you are using IPv6, then open the IPv6 properties and enter the preferred DNS as ::1.
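
Steps 4 to 12 can also be run as a script from an elevated PowerShell prompt. This is an added example, not part of the original article or the DNSCrypt project; it assumes the C:\dnscrypt path from step 2, Windows 8 or later for the networking cmdlets, and example.com as a test name. It applies the loopback setting to every connected adapter and lists any that still have another resolver, because an adapter left on its old setting keeps sending plaintext queries.

```powershell
# Added example. Run from an elevated PowerShell prompt (Windows 8 or later).
# Assumption: the package was extracted to C:\dnscrypt as in step 2.
$bin  = 'C:\dnscrypt\bin'
$opts = @('--resolver-name=opendns', "--resolvers-list=$bin\dnscrypt-resolvers.csv")
Set-Location $bin

# Step 5: test the resolver first; stop on any non-zero exit code.
& .\dnscrypt-proxy.exe @opts --test=0
if ($LASTEXITCODE -ne 0) { throw "Resolver test failed (exit code $LASTEXITCODE)" }

# Step 7: install the service.
& .\dnscrypt-proxy.exe @opts --install
if ($LASTEXITCODE -ne 0) { throw "Service install failed (exit code $LASTEXITCODE)" }

# Query the local proxy directly before touching any adapter, so a proxy that
# is not answering does not leave the machine without name resolution.
# example.com is only a test name.
Start-Sleep -Seconds 3
Resolve-DnsName -Name 'example.com' -Server 127.0.0.1 -ErrorAction Stop | Out-Null

# Step 12 and the IPv6 note: loopback as the DNS server on every connected adapter.
$loopback = @('127.0.0.1', '::1')
$up = @(Get-NetAdapter | Where-Object { $_.Status -eq 'Up' })
if ($up.Count -eq 0) { throw 'No connected network adapter found' }
foreach ($nic in $up) {
    Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $loopback
}

# Audit: report connected adapters that still list a non-loopback resolver.
$leaks = foreach ($cfg in Get-DnsClientServerAddress -InterfaceIndex $up.ifIndex) {
    $other = @($cfg.ServerAddresses | Where-Object { $_ -notin $loopback })
    if ($other.Count -gt 0) {
        [pscustomobject]@{ Adapter = $cfg.InterfaceAlias; Resolvers = $other -join ', ' }
    }
}
if ($leaks) {
    Write-Warning 'These adapters can still send unencrypted DNS queries:'
    $leaks | Format-Table -AutoSize
} else {
    Write-Output 'All connected adapters use the local DNSCrypt proxy.'
}
```

Adapters that connect later (a new Wi-Fi network or a VPN) are not covered by this run, so repeat the audit part after the network setup changes.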

That’s all there is to do, and it is that easy to configure your Windows computer to use DNSCrypt. From now on, all your DNS queries are encrypted.

Hopefully that helps, and do comment below if you face any problems while installing the DNSCrypt service for Windows.