This will be a super simple and easy to follow guide to get you using DNSCrypt and utilize DNSSEC with AdGuard Home and/or Pi-hole on Linux.
1: Open your terminal of choice or ssh into the machine
2: run sudo su to become superuser
3: run cd /opt since this is where we install DNSCrypt
4: You need to download the latest binaries from GitHub with wget in this example we will use the 64bit version (since that is most common)
4.5: THIS ISN'T THE LINK YOU USE, use the latest release that is for your system wget is the correct tool for the job, this is how you download the file wget https://github.com/DNSCrypt/dnscrypt-proxy/releases/download/2.0.46-beta3/dnscrypt-proxy-linux_x86_64-2.0.46-beta3.tar.gz
5: run tar xzvf dnscrypt-proxy-linux_x86_64=2.0.46-beta3.tar.gz or whichever you have to download for your system
6: run mv linux-x86_64 dnscrypt-proxy or whichever is for your system, could be linuxi386 or whatever you downloaded for your system.
7: Delete the tar file with rm dnscrypt-proxy-linux_x86_64=2.0.46-beta3.tar.gz or whichever file you have downloaded.
8: cd into the new directory with cd dnscrypt-proxy
9: use mv to rename the example to the config file we are going to use. mv example-dnscrypt-proxy.toml dnscrypt-proxy.toml
9.5: Now we are going to edit the newly created .toml file with our editor of choice, in this example I will use Vim but you can use nano, emacs, etc.
run vim dnscrypt-proxy.toml to begin editing the config file. This is a long file and mostly complete I will guide you through the lines you have to change.
listen_addresses = ['127.0.0.1:53'] needs to be changed to listen_addresses = ['127.0.0.1:5335']
require_dnssec = false should be require_dnssec = true
10: From here you are ready to continue with setup, but this is a huge config file with lots of options, you can tinker as you see fit.
11: run ./dnscrypt-proxy -service install and ./dnscrypt-proxy -service start and systemctl enable dnscrypt-proxy
- Now login to the admin portal of either Pi-hole or AdGuard Home, whichever you are using.
Telling AdGuard Home to use DNSCrypt
Go into your AdGuard Home admin panel and go to Settings -> DNS settings
In the Upstream DNS servers box you now put 127.0.0.1:5335 and apply.
Telling Pi-hole to use DNSCrypt
- Go into Settings and go to Upstream DNS settings, uncheck every DNS box and check one custom IPv4 address, input
127.0.0.1#5335and apply
Finalize Configuration
Make sure to enable DNSSEC in whichever software you are using with DNSCrypt.
If you have any issues or want to join a community of whole home adblocking/tech enthusiasts please check out: https://discord.gg/DGscCVPRme
Top comments (1)
good job, will share the link around. we recommend adguard on our page, too.