This is a quick intro on how to use lokinet with dnscrypt-proxy on Ubuntu/Debian-based distros to secure your DNS queries from prying eyes, as requested by someone on an XMPP MUC.


First, install dnscrypt-proxy:

# apt update
# apt install dnscrypt-proxy

Next, install lokinet; see this blog post on how to do that.


By default your system will want to use dnscrypt-proxy as the system resolver. This is fine, as you can always forward DNS for .loki and .snode to lokinet.

In /etc/dnscrypt-proxy/dnscrypt-proxy.toml, add an option that points to a forwarding rules file:

forwarding_rules = '/etc/dnscrypt-proxy/forwarding-rules.txt'

In a new file at /etc/dnscrypt-proxy/forwarding-rules.txt put the following forwarding rules:


The first rule says to forward the .loki gtld to lokinet dns (

The second rule says to forward the .snode gtld to lokinet dns

The third rule is for reverse dns for ip range so you can resolve the .loki address from the range owned by lokinet.

If you do not use for lokinet's ephemeral IP range change the third rule to match the range you use.
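A way to check a forwarding rules file before restarting dnscrypt-proxy, as an added example that is not part of the original post: it reports when .loki or .snode has no rule (so those names would be sent to the upstream resolver) or is forwarded to a non-local server. The addresses in the sample are constructed placeholders, not lokinet's, and the check assumes lokinet's DNS listens on a loopback address on the same machine.

```python
import ipaddress

# Constructed sample, NOT the rules from the post: both addresses are placeholders.
SAMPLE = """\
# <domain> <server>[,<server>...]
loki   127.0.0.2:53
snode  192.0.2.10
"""

def parse_rules(text):
    """Map each forwarded domain to its list of servers."""
    rules = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed rule: {raw!r}")
        rules[parts[0].lower().strip(".")] = [s.strip() for s in parts[1].split(",") if s.strip()]
    return rules

def host_of(server):
    """Strip an optional port from '127.0.0.2:53', '[::1]:53' or a bare address."""
    if server.startswith("["):
        return server[1:server.index("]")]
    return server.rsplit(":", 1)[0] if server.count(":") == 1 else server

def check(text, zones=("loki", "snode")):
    """Return findings; an empty list means every zone stays on this host."""
    # Assumption: lokinet's resolver listens on a loopback address.
    rules, findings = parse_rules(text), []
    for zone in zones:
        if zone not in rules:
            findings.append(f"{zone}: no rule, queries go to the upstream resolver")
            continue
        for server in rules[zone]:
            try:
                local = ipaddress.ip_address(host_of(server)).is_loopback
            except ValueError:
                local = False   # not an IP literal, cannot confirm it is local
            if not local:
                findings.append(f"{zone}: forwarded off-host to {server}")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print(finding)
```

To check the real file, pass its contents to `check()`, for example `check(open('/etc/dnscrypt-proxy/forwarding-rules.txt').read())`.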

Finally you want to set your primary dns resolver to use (not that is lokinet dns)

