What is DNSCrypt

Most applications on your computer, mobile devices and connected gadgets heavily use DNS, a mandatory protocol to communicate over the Internet.
Unfortunately, the security of that important protocol could be vastly improved. Encryption is nonexistent, and authentication mechanisms exist, but are criticized and haven’t received much adoption.

DNSCrypt is a protocol that encrypts, authenticates and optionally anonymizes communications between a DNS client and a DNS resolver. It prevents DNS spoofing, uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with.
It is an open specification, with free and open source reference implementations, and it is not affiliated with any company nor organization.

Features of dnscrypt.one

• official, public and free DNSCrypt resolver & anonymized DNS relay
• no logs, no tracking and no surveillance for clients’ privacy ¹
• non-filtering and non-censoring
• DNSSEC validation for enhanced security and integrity
• no forwarding to external DNS servers (Google, Quad9, Cloudflare, DNS.WATCH, …)
• build on open-source software (encrypted-dns, Unbound, Redis)
• keys and certificates rotation
• local copy of the DNS root zone (hyperlocal)
• qname-minimisation
• DNSKEY and cache prefetching for reduced latency
• Redis as second-level-cache
• UDP/443 and TCP/443 (mostly open for HTTPS)
• DNSCrypt version 2 protocol
• compatible with Pi-hole
• running on a multi-core system with a 400 Mbit/s port in the European Union

How to connect

Connecting to dnscrypt.one requires a DNSCrypt client to be installed on a computer, device or router.

• Simple DNSCrypt (Windows)
• dnscrypt-proxy (Linux)
• dnscrypt-proxy switcher (macOS)
• DNSCloak (iOS)
• other clients

Names, IP address and status

Server name: dnscrypt.one
Provider name: 2.dnscrypt-cert.dnscrypt.one

Anonymized DNS relay: anon-dnscrypt.one

IPv4: 161.97.101.51
Protocol, port: UDP and TCP, 443

Status and uptime

Test sites

• Check my DNS
• DNS spoofability test
• DNS randomness
• Algorithm test
• DNSSEC resolver test
• DNSSEC or not

Contact

E-Mail: op2erator@dnscrypt.one (remove the number)

Disclaimer: Use at your own risk. This DNSCrypt resolver/relay is provided by a private person, not a company. Under no circumstances will the DNSCrypt resolver/relay operator be held responsible or liable in any way for any claims, damages, losses, expenses, costs or liabilities whatsoever (including, without limitation, any direct or indirect damages for loss of profits, business interruption or loss of information) resulting or arising directly or indirectly from accessing or otherwise using this service. The operator does not guarantee in any way the access, availability and continuity of the functioning of this service. By using this service you consent to the disclaimer and agree to its terms and conditions.

¹ The operator would like to make it clear that there is no interest whatsoever in the surfing behaviour and online activities of users. The resolver/relay neither collects any personal data nor gathers information a device sends to or an user enters on websites.