How to check if DNS is encrypted?

You could check it with Wireshark by listening to your network card. Just follow these steps:

  1. sudo apt-get install wireshark (paste it into a terminal).
  2. Start it from a terminal with sudo wireshark (you need to be sudo to be able to listen to your network card).
  3. Then start listening and filter out everything but your own IP.

Now just check if the DNS protocols are encrypted.

  1. Use the filter to only show DNS.
  2. Stop the scan.
  3. Click on a list item that says DNS and comes from your IP.
  4. Now click on the transmission protocol to see if it's encrypted.

If you are using OpenDNS as the DNSCrypt-supporting DNS server, a way to check if it's working is to use one of these commands:

drill txt debug.opendns.com

dig txt debug.opendns.com

The answer text should contain a line where it says "dnscrypt enabled":

;; ANSWER SECTION:
debug.opendns.com.  0   IN  TXT "server 11"
debug.opendns.com.  0   IN  TXT "flags 22 2 222 2"
debug.opendns.com.  0   IN  TXT "id 6666666"
debug.opendns.com.  0   IN  TXT "source 209.6.69.160:44444"
debug.opendns.com.  0   IN  TXT "dnscrypt enabled (...)"
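
The Wireshark check above comes down to whether a captured payload still dissects as a readable DNS query. The following is an added example, not part of the original answers, that applies that test to raw UDP payloads; the function names and both sample payloads are constructed for illustration.

```python
import struct

def parse_plain_dns_query(payload: bytes):
    """Return the query name if payload is a cleartext DNS query, else None."""
    if len(payload) < 17:                      # 12-byte header + minimal question
        return None
    _id, flags, qdcount, ancount, nscount, _ar = struct.unpack("!6H", payload[:12])
    # A standard query has QR=0, opcode=0, one question and no answer records.
    if flags & 0x8000 or (flags >> 11) & 0xF or qdcount != 1 or ancount or nscount:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None                        # ran off the end: not valid DNS
        length = payload[pos]
        pos += 1
        if length == 0:
            break                              # root label ends the name
        if length > 63 or pos + length > len(payload):
            return None
        label = payload[pos:pos + length]
        if not all(0x21 <= b <= 0x7E for b in label):
            return None                        # hostnames are printable ASCII
        labels.append(label.decode("ascii"))
        pos += length
    if pos + 4 > len(payload):                 # QTYPE + QCLASS must follow
        return None
    return ".".join(labels) + "."

def leaked_names(payloads):
    """Names an on-path observer can read from the given payloads."""
    return [n for n in map(parse_plain_dns_query, payloads) if n is not None]

def build_query(name: str, qtype: int = 16) -> bytes:
    """Constructed sample: cleartext query (QTYPE 16 = TXT, class IN)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

CLEAR = build_query("debug.opendns.com")
# Constructed opaque bytes standing in for an encrypted payload (not real DNSCrypt).
OPAQUE = bytes(range(0x80, 0xC0))

if __name__ == "__main__":
    for name in leaked_names([CLEAR, OPAQUE]):
        print("cleartext DNS query visible on the wire:", name)
```

A payload that fails to parse is only not cleartext DNS; it is not proof of encryption, so the debug.opendns.com TXT lookup remains the positive confirmation.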