Updated DNSCrypt 2.0 (markdown)

Frank Denis 2018-02-10 14:35:38 +01:00
parent 4fd3fbd780
commit 7114c3b134

@ -6,40 +6,48 @@ This can probably replace the DNSCrypt page, but leaving it for archive purposes
## Step 1: Install DNSCrypt-Proxy
* mkdir -p /dnsproxy: (this is just a folder to store everything. Pihole instructions have this on the root of the partition, but should work from anywhere), suggest opt or etc.
* Download [latest](https://github.com/jedisct1/dnscrypt-proxy/releases/latest) pre-built binary. I'm using Debian, so I used linux_x86_64. There is a binary for arm.
* tar -xf <filename_linux_x86_64.tar.gz>: extract prebuilt binary
* cd linux_x86-64: cd into extracted dir
* nano/vi example-dnscrypt-proxy.toml: Edit the toml file. This is where all the fancy configuration happens.
* Edit port to be something other than 53 (since 53 is being used by PiHole). This is the listen_addresses line. Change both IPv4 and IPv6 as desired.
* Edit other settings as desired. I set dnssec to be True. There are a lot of other options, but server selection and more is already done.
* cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml
* dnscrypt-proxy -service install: install dnscrypt-proxy service
* dnscrypt-proxy -service start: start the new service
* `mkdir -p /dnsproxy`: (this is just a folder to store everything. Pihole instructions have this on the root of the partition, but should work from anywhere), suggest opt or etc.
* Download [latest](https://github.com/jedisct1/dnscrypt-proxy/releases/latest) pre-built binary. I'm using Debian, so I used `linux_x86_64`. There is a binary for arm.
* `tar -xf <filename_linux_x86_64.tar.gz>`: extract prebuilt binary
* `cd linux_x86-64`: cd into extracted dir
* `cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml`
* `nano/vi dnscrypt-proxy.toml`: Edit the toml file. This is where all the fancy configuration happens.
* Edit port to be something other than 53 (since 53 is being used by Pi-Hole). This is the listen_addresses line. Change both IPv4 and IPv6 as desired.
* Edit other settings as desired. I set `dnssec` to be `true`. There are a lot of other options, but server selection and more is already done.
* `dnscrypt-proxy -service install`: install dnscrypt-proxy service
* `dnscrypt-proxy -service start`: start the new service
You can see dnscrypt-proxy 2.0 installation instructions on the [wiki](https://github.com/jedisct1/dnscrypt-proxy/wiki/installation).
!Warning! I did not set dnscrypt-proxy to run as non-root user yet. There are instructions on the [wiki](https://github.com/jedisct1/dnscrypt-proxy/wiki/installation#running-it-as-a-non-root-user-on-linux)
**Warning** I did not set `dnscrypt-proxy` to run as non-root user yet.
Also see [wiki](https://github.com/jedisct1/dnscrypt-proxy/wiki/DNS-server-sources) for details on DNS server sources.
There are instructions on the [wiki](https://github.com/jedisct1/dnscrypt-proxy/wiki/installation#running-it-as-a-non-root-user-on-linux)
Also see the [wiki](https://github.com/jedisct1/dnscrypt-proxy/wiki/DNS-server-sources) for details on DNS server sources.
## Step 2: Modify Pi-Hole
These instructions are the [same](https://github.com/pi-hole/pi-hole/wiki/DNSCrypt#change-your-dnsmasq-config), but will copy them here.
* sudo nano /etc/dnsmasq.d/02-dnscrypt.conf: Create new or edit existing conf.
* Change servers=<IP>#<port> where your dnscrypt-proxy is running. For example, my .toml file is listen_addresses = ['127.0.0.1:54', '[::1]:54'], so edit the conf file to be server=127.0.0.1#54
* sudo nano /etc/pihole/setupVars.conf: Edit setupVars.conf.
* Comment out #PIHOLE_DNS#= lines.
* sudo nano /etc/dnsmasq.d/01-pihole.conf
* Comment out #server=... lines
* sudo service dnsmasq restart: restart dnsmasq
* `sudo nano /etc/dnsmasq.d/02-dnscrypt.conf`: Create new or edit existing conf.
* Change `servers=<IP>#<port>` where `dnscrypt-proxy` is running. For example, my `.toml` file is `listen_addresses = ['127.0.0.1:54', '[::1]:54']`, so edit the conf file to be `server=127.0.0.1#54`
* `sudo nano /etc/pihole/setupVars.conf`: Edit setupVars.conf.
* Comment out `#PIHOLE_DNS#=` lines.
* `sudo nano /etc/dnsmasq.d/01-pihole.conf`
* Comment out `#server=...` lines
* `sudo service dnsmasq restart`: restart dnsmasq
## Test DNSCrypt
Use the built-in client:
```sh
dnscrypt-proxy -resolve google.com
```
This will display the resolver you are currently using.
* [Test site](https://dnssec.vs.uni-due.de/)
* [Test site](https://www.dnsleaktest.com/)
* [Test site](https://www.dnsleaktest.com/) -- Note that the output of this test is not enough to confirm the absence of leaks. In particular, Cisco and Google will transparently send a copy of your **real** network address to companies they partner with (edns-clientsubnet mechanism).
There are more links on the first test site as well.
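Review bot: In Step 2, the added line "Change `servers=<IP>#<port>` where `dnscrypt-proxy` is running" wraps `servers=` in backticks as a literal, but the example at the end of the same line, `server=127.0.0.1#54`, uses `server=`, which is the dnsmasq directive. Now that it is formatted as code, readers will copy it verbatim, so change it to `server=<IP>#<port>`. The same applies to two other newly backticked items: `cd linux_x86-64` does not match the `linux_x86_64` spelling used two lines earlier, so one of them should be corrected to the directory the tarball actually extracts to, and `nano/vi dnscrypt-proxy.toml` is not a runnable command as written. In "Comment out `#PIHOLE_DNS#=` lines" and "Comment out `#server=...` lines", the quoted pattern already begins with `#`, which reads as if the lines are commented out to start with; quoting the uncommented form would be clearer. Finally, the steps still run `dnscrypt-proxy -service install` before the warning that the proxy has not been set to run as a non-root user. Consider moving that warning and its wiki link above the install step so the privilege question is seen before the service is registered.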