DoH Tutorial Walk Through

Part 1: Architecture, Dnscrypt-Proxy, Configuration

Photo by Dayne Topkin on Unsplash

Introduction / Overview

For this tutorial I am following instructions from Antoine Aflalo’s page. It is very well laid out and easy to follow. In my setup I decided to use the Debian 9 (Stretch) and am hosting in AWS.



gpg:failed to start the dirmngr'/usr/bin/dirmngr': No such file or directory

gpg:keyserver receive failed: No dirmngr

From a quick Google search I have also realized that dirmngr needs to be installed as well. The command for that is as follows sudo apt-get install dirmngr --install-recommends Now when we run the command sudo add-apt repository ppa:shevchuk/dnscrypt-proxy the output returns the following:

gpg: keybox ‘/tmp/tmpxxxxxx/pubring.gpg’ created
gpg: /tmp/tmpxxxxxx/trustdb.gpg: trustdb created
gpg: key xxxxxxxxxx: public key “Launchpad PPA for Andrei Shevchuk” imported
gpg: Total number processed: 1

After executing this command, I still did not locate the .toml file so I pulled the repository into my user folder and used nano to edit and rename the .toml file and then to /etc/dnscrypt-proxy/

After editing the file and renaming it to “dnscrypt-proxy.toml” move the file to the appropriate directory and then verify that it has been moved.

sudo mv dnscrypt-proxy.toml /etc/dnscrypt-proxy/

ls /etc/dnscrypt-proxy/

Once the file has been moved, restart the service.

sudo systemctl restart dnscrypt-proxy


  • sudo apt-get install software-properties-common
  • sudo apt-get install dirmngr --install-recommends

It the next part of this article we will go through install and setup of the DNS-over-HTTPS server.