dnscrypt.ca ... Free, Canadian, uncensored, no-logs, encrypted, and DNSSEC validated DNS service for your pleasure.

Background

When you connect to things like web sites, email services, and streaming media services you probably almost always use names like dnscrypt.ca because they are easier to remember than IP addresses. Your device uses a service called DNS to convert those names to IP addresses so it can make the connection. Unfortunately, DNS was originally created a long time ago [digitally speaking] and the traffic is not encrypted. Because of this, someone like your ISP or a government could be saving your DNS traffic and recording the names you convert to IP addresses. Other problems with DNS could be used to provide incorrect IP addresses for some names, causing you to connect to the wrong server. These days, DNS has a bunch of bandaids (like DNSCrypt and DNSSEC) that can be used to mitigate these problems.

I have been running one or more encrypted DNS servers [specifically in Canada] for the better part of a decade now. I bounced around to a few VPS providers in the early days and settled on ULayer, which I used until they closed up in February 2024. When I requested that my resolvers be removed from the public resolver list that is maintained by the dnscrypt-proxy community, I was approached by PCH, a large non-profit organization that provides a significant amount of support for the infrastructure that makes the Internet work. Unfortunately, because of some technical limitations, that partnership did not work out. However, in the process of working on a new setup for dnscrypt.ca I received a suggestion from someone named woefulwabbit that panned out. So now, thanks to inet.ws, I am back up and running again. They have VPS packages that offer a lot more bandwidth than many others [especially for small resource VPSs] and have agreed to sponsor me with a server in Toronto for use as a DNS resolver. Thank you inet.ws!

Connecting

I would suggest using dnsproxy for most setups, or dnscrypt-proxy if you require some of the advanced features it offers. There are also other client applications available. With dnsproxy you would use a command line like this:

dnsproxy -l 127.0.0.1 -u https://dns1.dnscrypt.ca/dns-query -b 84.200.69.80

which would connect to my DoH service, and use dns.watch as a bootstrap server (this may be required for your system to resolve dns1.dnscrypt.ca in order to connect). Once that is running you would set your operating system's DNS server to 127.0.0.1. With dnscrypt-proxy you would edit your dnscrypt-proxy.toml file and tell it to use dnscrypt.ca using a "server_names" directive near the top like this:

server_names = ['dnscrypt.ca-ipv4']

There are a lot of other options with dnscrypt-proxy, and I think that if you are going to use it you should read through the whole .toml file and understand what all of the options do.
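
One way to see whether answers coming back through the proxy are DNSSEC validated is the AD flag in the DNS response header. The following is an added example, not code from this site, dnsproxy or dnscrypt-proxy: it builds a wire-format query and the RFC 8484 GET URL for the DoH endpoint used above, and decodes response header flags. The function names and the two sample headers are constructed for illustration.

```python
import base64
import struct

DOH_ENDPOINT = "https://dns1.dnscrypt.ca/dns-query"  # from the dnsproxy command above

def build_query(name, qtype=1):
    """Wire-format query: ID 0 (as RFC 8484 suggests), RD and AD bits set."""
    header = struct.pack("!HHHHHH", 0, 0x0120, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qtype 1 = A, class IN

def doh_get_url(query, endpoint=DOH_ENDPOINT):
    """RFC 8484 GET form: base64url of the query with '=' padding removed."""
    param = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={param}"

def response_status(response):
    """Decode the header flags of a wire-format DNS response."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    return {
        "rcode": flags & 0x000F,                # 0 = NOERROR, 2 = SERVFAIL
        "authenticated": bool(flags & 0x0020),  # AD: resolver validated the answer
        "truncated": bool(flags & 0x0200),
        "answers": ancount,
    }

# Constructed 12-byte headers (not captured traffic): a validated answer, and the
# SERVFAIL a validating resolver returns when DNSSEC validation fails.
SAMPLE_VALIDATED = struct.pack("!HHHHHH", 0, 0x81A0, 1, 1, 0, 0)
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0, 0x8182, 1, 0, 0, 0)

if __name__ == "__main__":
    print(doh_get_url(build_query("dnscrypt.ca")))
    print(response_status(SAMPLE_VALIDATED))
    print(response_status(SAMPLE_SERVFAIL))
```

The AD flag is only as trustworthy as the path between you and the resolver, so it means something when the answer arrived through the local encrypted proxy and little when it arrived over plain DNS.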

Protecting Your Home Network

If you have a bunch of devices on your home network it might be better to set up a single device to do name resolution for all of them. A very small PC [or even an SBC like a Whatever Pi] can easily use dnsproxy or dnscrypt-proxy to handle the DNS requests for all your home devices. Just set up the proxy application to listen on your LAN address instead of 127.0.0.1 and set up your DHCP server to point clients to it as their DNS server.