dnscrypt-proxy
« Back to VersTracker
Description:
Secure communications between a client and a DNS resolver
Type: Formula  |  Latest Version: 2.1.15@0  |  Tracked Since: Dec 17, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: dns privacy encryption security networking
Install: brew install dnscrypt-proxy
About:
DNSCrypt-proxy is a versatile tool that secures DNS traffic between a client and a resolver. It encrypts DNS queries using the DNSCrypt protocol to prevent eavesdropping and DNS spoofing attacks. The service can also handle DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) for modern privacy requirements.
Key Features:
  • Encrypts DNS traffic using the DNSCrypt protocol
  • Supports DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT)
  • Blocks ads, trackers, and malicious domains via filtering
  • Provides advanced load balancing and failover capabilities
Use Cases:
  • Securing DNS queries on public Wi-Fi networks
  • Bypassing ISP-imposed DNS censorship or filtering
  • Blocking malware and phishing domains at the DNS level
Alternatives:
  • cloudflared – Cloudflare's DNS proxy specifically for DoH, whereas dnscrypt-proxy supports multiple protocols including DNSCrypt.
  • unbound – A recursive DNS resolver, whereas dnscrypt-proxy acts as a forwarding proxy focused on encryption.
License: ISC
Bottles available for: arm64_tahoe, arm64_sequoia, arm64_sonoma, sonoma, arm64_linux, x86_64_linux
Important Notes:
After starting dnscrypt-proxy, you will need to point your
local DNS server to 127.0.0.1. You can do this by going to
System Preferences > "Network" and clicking the "Advanced..."
button for your interface. You will see a "DNS" tab where you
can click "+" and enter 127.0.0.1 in the "DNS Servers" section.

By default, dnscrypt-proxy runs on localhost (127.0.0.1), port 53,
balancing traffic across a set of resolvers. If you would like to
change these settings, you will have to edit the configuration file:
  $HOMEBREW_PREFIX/etc/dnscrypt-proxy.toml

To check that dnscrypt-proxy is working correctly, open Terminal and enter the
following command. Replace en1 with whatever network interface you're using:

  sudo tcpdump -i en1 -vvv 'port 443'

You should see a line in the result that looks like this:

 resolver.dnscrypt.info
Version History
Detected Version Rev Change Commit
Dec 10, 2025 5:00pm 0 VERSION_BUMP 2459a34b
Oct 10, 2025 12:01pm 0 VERSION_BUMP 6c46b390
Sep 14, 2025 7:10pm 0 VERSION_BUMP 84765f88
Jan 11, 2025 4:54pm 0 VERSION_BUMP 9ffb6aca
Jan 11, 2025 2:18am 0 VERSION_BUMP 22dcc895
« Back to VersTracker  |  Browse Packages  |  About