This article describes how to install and configure dnscrypt-proxy to use DNSCrypt and DNS-over-HTTPS (DoH) with DNSSEC. Learn how to use dnscrypt-proxy to secure DNS queries in Linux:
While browsing on the web, people almost always use the domain name instead of the IP address of the requested resource. However, the domain name must first be resolved to a corresponding IP address by a DNS resolver. In most cases, the DNS resolver is assigned by the Internet Service Provider (ISP). Moreover, even if the requested website uses HTTPS, DNS queries use a different protocol and they are sent in plain-text by default.
These problems are addressed by both DNSCrypt and DNS-over-HTTPS (DoH). To start with, DNSCrypt is the name of the protocol which provides encryption and authentication between the client and the DNS resolver. It uses elliptic curve cryptography. Like DNSCrypt, DNS-over-HTTPS also encrypts the data but using HTTPS protocol, as the name suggests. By using either one of them, people can significantly lower the probability of request and/or tampering, thus preventing man-in-the-middle attacks.