diff --git a/DNSCrypt-2.0.md b/DNSCrypt-2.0.md new file mode 100644 index 0000000..0209466 --- /dev/null +++ b/DNSCrypt-2.0.md 
@@ -0,0 +1,45 @@ +This can probably replace the DNSCrypt page, but leaving it for archive purposes until DNSCrypt 2.0 instructions are fully fledged out. + +# DNSCrypt-Proxy 2.0 + +[DNSCrypt-Proxy 2.0](https://github.com/jedisct1/dnscrypt-proxy) drastically simplifies configuration and installation. There are pre-built binaries as well. The main configuration options are now centralized in a .toml file. Server selection and server updates are handled automatically. + +## Step 1: Install DNSCrypt-Proxy + +* mkdir -p /dnsproxy: (this is just a folder to store everything. Pihole instructions have this on the root of the partition, but should work from anywhere), suggest opt or etc. +* Download [latest](https://github.com/jedisct1/dnscrypt-proxy/releases/latest) pre-built binary. I'm using Debian, so I used linux_x86_64. There is a binary for arm. +* tar -xf : extract prebuilt binary +* cd linux_x86-64: cd into extracted dir +* nano/vi example-dnscrypt-proxy.toml: Edit the toml file. This is where all the fancy configuration happens. +* Edit port to be something other than 53 (since 53 is being used by PiHole). This is the listen_addresses line. Change both IPv4 and IPv6 as desired. +* Edit other settings as desired. I set dnssec to be True. There are a lot of other options, but server selection and more is already done. +* cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml +* dnscrypt-proxy -service install: install dnscrypt-proxy service +* dnscrypt-proxy -service start: start the new service + +You can see dnscrypt-proxy 2.0 installation instructions on the [wiki](https://github.com/jedisct1/dnscrypt-proxy/wiki/installation). + +!Warning! I did not set dnscrypt-proxy to run as non-root user yet. There are instructions on the [wiki](https://github.com/jedisct1/dnscrypt-proxy/wiki/installation#running-it-as-a-non-root-user-on-linux) + +Also see [wiki](https://github.com/jedisct1/dnscrypt-proxy/wiki/DNS-server-sources) for details on DNS server sources. 
+ +## Step 2: Modify Pi-Hole + +These instructions are the [same](https://github.com/pi-hole/pi-hole/wiki/DNSCrypt#change-your-dnsmasq-config), but will copy them here. + +* sudo nano /etc/dnsmasq.d/02-dnscrypt.conf: Create new or edit existing conf. +* Change servers=# where your dnscrypt-proxy is running. For example, my .toml file is listen_addresses = ['127.0.0.1:54', '[::1]:54'], so edit the conf file to be server=127.0.0.1#54 +* sudo nano /etc/pihole/setupVars.conf: Edit setupVars.conf. +* Comment out #PIHOLE_DNS#= lines. +* sudo nano /etc/dnsmasq.d/01-pihole.conf +* Comment out #server=... lines +* sudo service dnsmasq restart: restart dnsmasq + +## Test DNSCrypt + + +* [Test site](https://dnssec.vs.uni-due.de/) +* [Test site](https://www.dnsleaktest.com/) + + +There are more links on the first test site as well. \ No newline at end of file
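Review bot: In Step 1 the `dnscrypt-proxy -service install` and `-service start` bullets come before the non-root setup that the "!Warning!" line defers to the wiki, so a reader who follows the list in order ends up with the proxy running as root. Move the non-root instructions into the numbered steps ahead of `-service install`, or at least put the warning above those two bullets. The example in Step 2 also listens on `127.0.0.1:54`, which is a privileged port on Linux by default; a port above 1024 in both the `listen_addresses` example and the matching `server=127.0.0.1#54` line would make the non-root setup simpler. The same step goes straight from downloading the release archive to installing it as a service with no integrity check on the download, so a verification bullet is worth adding before `tar -xf`. Smaller points: `tar -xf` has no filename; the binary is named `linux_x86_64` but the next bullet says `cd linux_x86-64`; "I set dnssec to be True" does not name the key in the .toml file; Step 2 says "Change servers=#" while the example uses `server=`; "Comment out #PIHOLE_DNS#= lines" and "Comment out #server=... lines" read as if the lines are already commented; and the file has no trailing newline. Putting the commands in inline code would also make the command and its explanation easier to tell apart.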