As this page deals with DNS it has the potential to break your internet access! Ensure you have stable live media that can restore your system.
DNScrypt provides encryption from clients to upstream DNS servers. Encrypting this traffic prevents spying, spoofing, and other man-in-the-middle attacks.
root # emerge dnscrypt-proxy
By default, opendns is used, although some opennic servers support dnscrypt.
/etc/conf.d/dnscrypt-proxy controls settings for DNScrypt. A list of resolvers has been compiled for use with DNScrypt.
/etc/resolv.conf- set dns server as dnscrypt-proxy
Most configurations are located at /etc/dnscrypt-proxy/dnscrypt-proxy.toml
/etc/dnscrypt-proxy/dnscrypt-proxy.toml- set dnscrypt-proxy server on an alternate port for dnsmasq to listen to.
listen_addresses = ['127.0.0.1:53000']
/etc/conf.d/dnscrypt-proxy- the ebuilds not properly making a dnscrypt user:group currently, use dnsmasq.
root # rc-update add dnscrypt-proxy default root # rc
If you're using opendns, this welcome page will tell you if you're encrypted or not.
If you're using any other encryption enabled dns servers, try a "leak" test. They should only report the dns servers associated with the ones you've chosen from the list.