-
Notifications
You must be signed in to change notification settings - Fork 1k
Logging
Even when you are not browsing any websites, devices constantly send a large amount of DNS traffic.
dnscrypt-proxy let you watch in real time what DNS queries are being sent, so you can block the ones you don't trust.
These logs stay on your computer: they are just saved as local files, and are not sent to any servers.
The configuration file includes a [query_log] section:
[query_log]
file = '/var/log/dnscrypt-proxy/query.log'
format = 'tsv'
ignored_qtypes = ['DNSKEY', 'NS']This can be used to log individual queries.
If the file property is not defined, no logs will be stored.
format can be either tsv or ltsv.
The tsv format is a simple list of Tab-Separated Values, easy to parse but also easy to read.
ltsv is a structured format that is less human-readable, but simple to parse and usually a better fit for log processors.
By default, all types of DNS queries are logged. In order to reduce the noise, the optional ignored_qtypes property can contain a list of record types to be ignored.
In somecases if you want to run dnscrypt-proxy as a non-root user you'll get the error "[FATAL] listen udp 0.0.0.0:53: bind: permission denied"
to solve this problem you can run the following command and allow dnscrypt to have access to a low level port :
sudo setcap cap_net_bind_service=+ep $(which dnscrypt-proxy)
- Home
- Installation
- Configuration
- Checking that your DNS traffic is encrypted
- Automatic Updates
- Server sources
- Combining blocklists
- Public Blocklist and other configuration files
- Building from source
- Run your own DNSCrypt server in under 10 minutes
- DNS stamps specifications
- Windows Tips
- dnscrypt-proxy in the media
- Planned Features