---
title: "DNSCrypt"
date: 2021-08-06T23:38:45+02:00
draft: false
toc: true
enableGitInfo: true
tags: [dnscrypt, dns, privacy, security, censorship]
---

### why are you doing this?
There are many publicly available [open resolvers using DoT, DoH or
DNSCrypt](https://dnscrypt.info/public-servers) to secure the traffic. However,
we have still felt the need to run our own, especially since it's such a
critical part of the infrastructure.  Since now it's a reality, we're offering
it for public use.

### so what is it?
What we're running is a non-censoring, non-logging, DNSSEC-capable, DNSCrypt-enabled DNS
resolver using
[dnscrypt-server-docker](https://github.com/dnscrypt/dnscrypt-server-docker) project.
Our resolver is available over both IPv4 and IPv6.

### can I haz some plz
> Since the name servers are not (yet) a part of any listing of public
> resolvers, entries have to be added manually.

Paste one or both of the following entries in the `[static]` section of your
`dnscrypt-proxy.toml` configuration file.

IPv4 (`144.91.70.62`)
```toml
[static. 'dnscrypt.dotya.ml-ipv4']
  stamp = 'sdns://AQcAAAAAAAAAETE0NC45MS43MC42Mjo1NDQzIHF-JiN46cNwFXJleEVWGWgrhe2QeysUtZoo9HwzYCMzITIuZG5zY3J5cHQtY2VydC5kbnNjcnlwdC5kb3R5YS5tbA'
```

IPv6 (`2a02:c207:2030:396::1`)
```toml
[static. 'dnscrypt.dotya.ml-ipv6']
  stamp = 'sdns://AQcAAAAAAAAAHFsyYTAyOmMyMDc6MjAzMDozOTY6OjFdOjU0NDMgcX4mI3jpw3AVcmV4RVYZaCuF7ZB7KxS1mij0fDNgIzMhMi5kbnNjcnlwdC1jZXJ0LmRuc2NyeXB0LmRvdHlhLm1s'
```

### Configuration
Files used to set up and run this service can be found here:\
https://git.dotya.ml/dotya.ml/dnscrypt-server.
It's a `docker-compose` setup managed with `systemd`, similar to how Drone CI
is handled.