I’ll skip the usual shite about why you really should be using one of DNSCrypt, DoT or DoH nowadays. Okay, maybe not that last one if it can be avoided.
So, here’s my very quick guide / reference to getting DNSCrypt and dnsmasq working. This has been tested with waydroid, which is especially relevant because waydroid runs its own dnsmasq instance, which can sometimes fail to start when another instance is already running.
server_names = ['cloudflare']
listen_addresses = ['127.0.0.53:53000']
Edit server_names as you wish, or leave it commented and adjust the require_* configuration values as desired.
If you use the same loopback address as dnsmasq will use, make sure to change the port to something non-standard.
“dnsmasq: failed to create listening socket for 192.168.250.1: Address already in use” errors in waydroid log?
You probably forgot to enable bind-interfaces. It prevents dnsmasq from binding to the loopback interface, which would interfere with waydroid.
To optionally (though it’s strongly recommended) enable DNSSEC, uncomment the following two lines:
apk add dnsmasq-dnssec (or your system’s equivalent)!
Many things will break if you try to specify a non-standard port (anything other than 53) in resolv.conf. So don’t. Dnsmasq should be configured to use port 53 by default. However, you can use a different localhost address as I’ve done here. Just remember to update dnsmasq.conf.
This prevents NetworkManager from overwriting resolv.conf with the DNS server provided by DHCP, as it would usually. This will not automatically edit existing networks, so you may have to delete and re-add connections, or just update the DNS field to blank and checking
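A consistency check for the three files this guide touches (dnscrypt-proxy's listen_addresses, dnsmasq.conf and resolv.conf), added here as an example and not the author's own code. It flags the pitfalls named above: missing bind-interfaces, a shared address:port, and a port in resolv.conf. Assumptions: the function names are hypothetical, the sample file contents are constructed, and dnsmasq is assumed to forward to dnscrypt-proxy through its `listen-address`, `port`, `no-resolv` and `server=ip#port` options, which do not appear on the page.

```python
import ipaddress
import re

def parse_dnsmasq(text):
    """Return {option: [values]} from dnsmasq.conf text, skipping comment lines."""
    opts = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):  # an inline '#' stays: server=ip#port
            key, _, val = line.partition("=")
            opts.setdefault(key.strip(), []).append(val.strip())
    return opts

def check_chain(dnscrypt_toml, dnsmasq_conf, resolv_conf):
    """List problems in the resolv.conf -> dnsmasq -> dnscrypt-proxy chain."""
    problems = []
    m = re.search(r"^\s*listen_addresses\s*=\s*\[(.*)\]", dnscrypt_toml, re.M)
    quoted = re.findall(r"['\"]([^'\"]+)['\"]", m.group(1)) if m else []
    upstream = {tuple(a.rpartition(":")[::2]) for a in quoted}  # {(ip, port)}
    opts = parse_dnsmasq(dnsmasq_conf)
    port = opts.get("port", ["53"])[-1]
    listen = {a.strip() for v in opts.get("listen-address", []) for a in v.split(",")}
    servers = {(h, p or "53") for h, _, p in (s.partition("#") for s in opts.get("server", []))}
    if "bind-interfaces" not in opts:
        problems.append("dnsmasq: bind-interfaces missing")
    if port != "53":
        problems.append("dnsmasq: port is not 53")
    if {(a, port) for a in listen} & upstream:
        problems.append("dnsmasq and dnscrypt-proxy listen on the same address:port")
    if not servers & upstream:
        problems.append("dnsmasq: no server= entry points at dnscrypt-proxy")
    for ns in re.findall(r"^\s*nameserver\s+(\S+)", resolv_conf, re.M):
        try:
            ipaddress.ip_address(ns)  # rejects 'ip:port' and other suffixes
        except ValueError:
            problems.append(f"resolv.conf: '{ns}' is not a bare IP address")
            continue
        if ns not in listen:
            problems.append(f"resolv.conf: {ns} is not a dnsmasq listen-address")
    return problems

# Constructed sample files (not the author's own configuration).
DNSCRYPT = "server_names = ['cloudflare']\nlisten_addresses = ['127.0.0.53:53000']\n"
DNSMASQ_OK = "listen-address=127.0.0.53\nbind-interfaces\nno-resolv\nserver=127.0.0.53#53000\n"
DNSMASQ_BAD = "listen-address=127.0.0.53\nport=53000\nserver=127.0.0.53#53000\n"
RESOLV_OK = "nameserver 127.0.0.53\n"
RESOLV_BAD = "nameserver 127.0.0.53:53000\n"

if __name__ == "__main__":
    print(check_chain(DNSCRYPT, DNSMASQ_BAD, RESOLV_BAD))
```

An empty list means the chain is consistent; each string otherwise names the file and the setting to fix.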