How To Install DNSCrypt on OpenWrt

Install DNSCrypt on OpenWrt

In this tutorial, we will show you how to install and configuration of DNSCrypt on your OpenWrt router.  For those of you who didn’t know, DNSCrypt is a tool for securing communications between a client and a DNS resolver using elliptic-curve cryptography in the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic. With DNSCrypt it can prevent spying, spoofing, and man-in-the-middle attacks or even bypass DNS censorship from ISPs that use DNSLeak.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, I will show you the step-by-step installation DNSCrypt on an OpenWrt.


  • A server running one of the following operating systems: OpenWrt.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install DNSCrypt on OpenWrt

Step 1. Installing DNSCrypt.

DNSCrypt is managed by a source NOT directly included in opkg lists. So, the first step is to add the Source to opkg the list by adding the following line at the end of ‘/etc/opkg.conf’.

echo 'src/gz exopenwrt' >> /etc/opkg.conf

And proceed with the installation:

opkg update
opkg install dnscrypt-proxy

Confirm that the installation:

### opkg status | grep -n "dnscrypt-proxy"
### Result ###
230:Package: dnscrypt-proxy
236: /etc/config/dnscrypt-proxy ff316755d745da9b15b7166b667ed108

Step 2. Configuration DNSCrypt.

The config file /etc/config/dnscrypt-proxy is simple and should be edited according to your needs:

### nano /etc/config/dnscrypt-proxy
config dnscrypt-proxy
        option address ''
        option port    '5353'
      # option resolver        'cisco'
      # option resolvers_list  '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'
      # option ephemeral_keys '1'

Now we will start DNSCrypt and enable auto boot for it:

/etc/init.d/dnscrypt-proxy enable
/etc/init.d/dnscrypt-proxy start

If dnscrypt-proxy is not starting after a router reboot, it may be trying to start before the network interface is fully up. Add the following to /etc/rc.local, above the line “exit 0”:

sleep 10
/etc/init.d/dnscrypt-proxy start

Next, Edit ‘/etc/config/dhcp’ so that the ‘dnsmasq’ configuration looks like below:

config dnsmasq
    option domainneeded         1
    option boguspriv            1
    option filterwin2k          0
    option localise_queries     1
    option rebind_protection    1
    option rebind_localhost     1
    option local                '/lan/'
    option domain               'lan'
    option expandhosts          1
    option nonegcache           0
    option authoritative        1
    option readethers           1
    option leasefile            '/tmp/dhcp.leases'
#   option resolvfile           '/tmp/'
    option noresolv             1
    list server                 ''
    list server                 '/'
#   list server                 ''
#   list server                 ''

Restart dnsmasq for the changes to take effect:

/etc/init.d/dnsmasq restart

Congratulations! You have successfully installed DNSCrypt. Thanks for using this tutorial for installing DNSCrypt on your OpenWrt router system. For additional help or useful information, we recommend you check the official DNSCrypt website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!


r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Back to top button