DEV Community

Tyler
Tyler

Posted on • Updated on

Using DNSCrypt with AdGuard Home & Pi-hole

Alt Text

This will be a super simple and easy to follow guide to get you using DNSCrypt and utilize DNSSEC with AdGuard Home and/or Pi-hole on Linux.

1: Open your terminal of choice

2: run sudo su to become superuser

3: run cd /opt since this is where we install DNSCrypt

4: You need to download the latest binaries from GitHub with wget in this example we will use the 64bit version (since that is most common)

4.5: THIS ISN'T THE LINK YOU USE, use the latest release that is for your system wget is the correct tool for the job, this is how you download the file wget https://github.com/DNSCrypt/dnscrypt-proxy/releases/download/2.0.46-beta3/dnscrypt-proxy-linux_x86_64-2.0.46-beta3.tar.gz

5: run tar xzvf dnscrypt-proxy-linux_x86_64=2.0.46-beta3.tar.gz or whichever you have to download for your system

6: run mv linux-x86_64 dnscrypt-proxy or whichever is for your system, could be linuxi386 or whatever you downloaded for your system.

7: Delete the tar file with rm dnscrypt-proxy-linux_x86_64=2.0.46-beta3.tar.gz or whichever file you have downloaded.

8: cd into the new directory with cd dnscrypt-proxy

9: use mv to rename the example to the config file we are going to use. mv example-dnscrypt-proxy.toml dnscrypt-proxy.toml

9.5: Now we are going to edit the newly created .toml file with our editor of choice, in this example I will use Vim but you can use nano, emacs, etc.

run vim dnscrypt-proxy.toml to begin editing the config file. This is a long file and mostly complete I will guide you through the lines you have to change.

listen_addresses = ['127.0.0.1:53'] needs to be changed to listen_addresses = ['127.0.0.1:5353']

require_dnssec = false should be require_dnssec = true

10: From here you are ready to continue with setup, but this is a huge config file with lots of options, you can tinker as you see fit.

11: run ./dnscrypt-proxy -service install and dnscrypt-proxy -service start and ./dnscrypt-proxy -service enable

  1. Now login to the admin portal of either Pi-hole or AdGuard Home, whichever you are using.

Telling AdGuard Home to use DNSCrypt

Go into your AdGuard Home admin panel and go to Settings -> DNS settings

In the Upstream DNS servers box you now put 127.0.0.1:5353 and apply.

Telling Pi-hole to use DNSCrypt

  1. Go into Settings and go to Upstream DNS settings, uncheck every DNS box and check one custom IPv4 address, input 127.0.0.1#5353 and apply

Finalize Configuration
Make sure to enable DNSSEC in whichever software you are using with DNSCrypt.

If you have any issues or want to join a community of whole home adblocking/tech enthusiasts please check out: https://discord.com/invite/VzThBmB

Amazon Wishlist: https://www.amazon.com/hz/wishlist/ls/1GD5YOV16E0G0

Discussion (0)