Pi-hole/pi-hole
Pi-hole/pi-hole
1
0
Fork 0
mirror of https://github.com/pi-hole/pi-hole.git synced 2025-01-12 06:54:53 +00:00
Code Issues Projects Releases Packages Wiki Activity

Removed unnecessary information and added DNSSEC validation config

Flaxe 2018-06-09 18:45:49 +02:00
parent 6b5abbf666
commit eba7310616
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
DNSCrypt-2.0.md

@ -27,9 +27,10 @@ There are instructions on the [wiki](https://github.com/jedisct1/dnscrypt-proxy/
Also see the [wiki](https://github.com/jedisct1/dnscrypt-proxy/wiki/DNS-server-sources) for details on DNS server sources.
## Step 2: Modify Pi-Hole
If you're running a newer version of Pi-Hole (might only be available on FTLDNS at the moment), you have the possibility to specify a "**Local DNS server on custom port**" in the Web interface by going to **Settings -> DNS**. Simply check the checkbox and enter 5353 as the port. In newer versions of FTLDNS, this option is no longer present, but all custom DNS fields can now take on a port number with the syntax (**host#port**). Of course, you should remove (uncheck) every other DNS server.
If you're running a new version of Pi-Hole FTLDNS, all custom DNS fields can now take on a port number with the syntax (**host#port**). Of course, you should remove (uncheck) every other DNS server. Like this:
![](https://i1.wp.com/pi-hole.net/wp-content/uploads/2018/05/RecursiveResolver.png?w=577&ssl=1)
If you're running a older version of Pi-Hole, then follow these instructions:
If you're running an older version of Pi-Hole, then follow these instructions:
* `sudo nano /etc/dnsmasq.d/02-dnscrypt.conf`: Create new or edit existing conf.
* Change `server=<IP>#<port>` where `dnscrypt-proxy` is running. For example, my `.toml` file is `listen_addresses = ['127.0.0.1:5353', '[::1]:5353']`, so edit the conf file to be `server=127.0.0.1#5353`
* `sudo nano /etc/pihole/setupVars.conf`: Edit setupVars.conf.
@ -38,6 +39,10 @@ If you're running a older version of Pi-Hole, then follow these instructions:
* Comment out all `server=...` lines. (set a # in the beginning of the line)
* `sudo service dnsmasq restart`: restart dnsmasq
### DNSSEC validation
If you configured DNSCrypt to use a resolver with enabled DNSSEC validation, make sure to enable it also in dnsmasq:
`echo "proxy-dnssec" >> /etc/dnsmasq.d/02-dnscrypt.conf`
## Test DNSCrypt
Use the built-in client: