DNSCrypt: great proxy alternative to cloudflared

I’ve been testing for two days, and I think it’s great.

DNSCrypt supports DoH, and the Cloudflare DNS is already in their list of public resolvers.

dnscrypt-proxy is a great software to use as an alternative to Cloudflared-proxy.

Installation instructions here.


Do you have a source detailing the usage of DoH? I couldn’t find anything…

It’s on the main website


DNSCrypt does support DoH, and the Cloudflare DNS has been on their resolver list for some time now.

Direct link to developer pages: https://developers.cloudflare.com/
(Afaik DoH should be preferred over DNS-over-TLS.)


I tried opening the website using the hostname (https://1dot1dot1dot1.Cloudflare-dns.com/) and it fails! I didn’t even try the direct IP…


1 Like

There’s the main URL: https://Cloudflare-dns.com … but that redirects to

1dot1dot1dot1.Cloudflare-dns.com is just the dns hostname:

 ❯ dig +short -x

Well, yesterday https://Cloudflare-dns.com didn’t redirect to nothing, so I tried the other one. Didn’t expect them to use just the IP, that’s all.

It’s not working for me, either. Neither is Dig @

A response to my post on the blog was this:

Due to various reasons does not work for fraction of the internet; We are working in fixing that. The issues involved include; Network filters; various devices that use internally; etc. Stay tuned for followup blogs and for now use or our IPv6 addresses 2606:4700:4700::1111, 2606:4700:4007::1001

if you traceroute to @sdayman how far does it go? Does it escape your LAN?

1 Like

It goes about two zones into Charter, ten miles away. goes all the way through. L.A. to Minnesota to Virginia. That, uh, seems a long way away.

Yeah definitely some route optimizations still available. Getting it announced by some folks was fun… I’d recommend opening a ticket with Charter if they’re you ISP. I’m sure they will thank you for the heads up. :wink:

Just found out that DNSCrypt has been supporting the Cloudflare DNS for some time now. I always thought it was a different server. (Will edit the OP.)

1 Like

You probably mean dnscrypt-proxy :slight_smile:

It’s a bit sad that there was no mention of it to use DoH, especially since it works very well with Cloudflare, out of the box.

1 Like

Yes! I’ll be adding a how-to for dnscrypt-proxy to the documentation shortly.
EDIT: It’s now published.


Do you have any mechanism that allows us to verify we set up DoH or DNS-over-TLS correctly?
Maybe something similar to nslookup -type=txt debug.opendns.com.

The response you get from such a query should be trusted just as you would trust an email with an attachment that says “open me, I’m totally not a virus”.

Anyway, you can run ./dnscrypt-proxy -resolve example.com. Among other things, it will return the “Resolver IP”. You can then check that this IP belongs to Cloudflare, for example on https://iptoasn.com

Another way, is to temporarily stop the proxy. It you can’t resolve anything any more, you were obviously using it, and your queries are not leaking through another path.

@mvavrusa Where can I find the how-to that you mention is now published?