Pi-hole/pi-hole
Pi-hole/pi-hole
1
0
Fork 0
mirror of https://github.com/pi-hole/pi-hole.git synced 2025-04-15 03:49:10 +00:00
Code Issues Projects Releases Packages Wiki Activity

Generic instructions for DNSCrypt-Proxy 2.0 setup with Pi-Hole

rewardone 2018-02-07 07:52:50 -06:00
parent c4257cfe31
commit a9e94bbc42
1 changed files with 45 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

45
DNSCrypt-2.0.md Normal file

@ -0,0 +1,45 @@
This can probably replace the DNSCrypt page, but leaving it for archive purposes until DNSCrypt 2.0 instructions are fully fledged out.
# DNSCrypt-Proxy 2.0
[DNSCrypt-Proxy 2.0](https://github.com/jedisct1/dnscrypt-proxy) drastically simplifies configuration and installation. There are pre-built binaries as well. The main configuration options are now centralized in a .toml file. Server selection and server updates are handled automatically.
## Step 1: Install DNSCrypt-Proxy
* mkdir -p /dnsproxy: (this is just a folder to store everything. Pihole instructions have this on the root of the partition, but should work from anywhere), suggest opt or etc.
* Download [latest](https://github.com/jedisct1/dnscrypt-proxy/releases/latest) pre-built binary. I'm using Debian, so I used linux_x86_64. There is a binary for arm.
* tar -xf <filename_linux_x86_64.tar.gz>: extract prebuilt binary
* cd linux_x86-64: cd into extracted dir
* nano/vi example-dnscrypt-proxy.toml: Edit the toml file. This is where all the fancy configuration happens.
* Edit port to be something other than 53 (since 53 is being used by PiHole). This is the listen_addresses line. Change both IPv4 and IPv6 as desired.
* Edit other settings as desired. I set dnssec to be True. There are a lot of other options, but server selection and more is already done.
* cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml
* dnscrypt-proxy -service install: install dnscrypt-proxy service
* dnscrypt-proxy -service start: start the new service
You can see dnscrypt-proxy 2.0 installation instructions on the [wiki](https://github.com/jedisct1/dnscrypt-proxy/wiki/installation).
!Warning! I did not set dnscrypt-proxy to run as non-root user yet. There are instructions on the [wiki](https://github.com/jedisct1/dnscrypt-proxy/wiki/installation#running-it-as-a-non-root-user-on-linux)
Also see [wiki](https://github.com/jedisct1/dnscrypt-proxy/wiki/DNS-server-sources) for details on DNS server sources.
## Step 2: Modify Pi-Hole
These instructions are the [same](https://github.com/pi-hole/pi-hole/wiki/DNSCrypt#change-your-dnsmasq-config), but will copy them here.
* sudo nano /etc/dnsmasq.d/02-dnscrypt.conf: Create new or edit existing conf.
* Change servers=<IP>#<port> where your dnscrypt-proxy is running. For example, my .toml file is listen_addresses = ['127.0.0.1:54', '[::1]:54'], so edit the conf file to be server=127.0.0.1#54
* sudo nano /etc/pihole/setupVars.conf: Edit setupVars.conf.
* Comment out #PIHOLE_DNS#= lines.
* sudo nano /etc/dnsmasq.d/01-pihole.conf
* Comment out #server=... lines
* sudo service dnsmasq restart: restart dnsmasq
## Test DNSCrypt
* [Test site](https://dnssec.vs.uni-due.de/)
* [Test site](https://www.dnsleaktest.com/)
There are more links on the first test site as well.