mirrors
/
AdGuardHome
mirror of https://github.com/AdguardTeam/AdGuardHome.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

DNSCrypt: standardize, add info about tls.enabled

Ainar Garipov 2021-08-17 18:24:02 +03:00
parent 3d75334d43
commit 4eb34607aa
1 changed files with 56 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
DNSCrypt.md

@ -1,33 +1,40 @@
# AdGuard Home - DNSCrypt
# AdGuard Home - DNSCrypt
1. [Generating A Configuration File](#generate-config)
2. [Generating A *DNSCrypt* Stamp](#generate-stamp)
3. [Configuring Devices To Use *DNSCrypt*](#configure-devices)
* [Generating A Configuration File](#generate-config)
* [Generating A *DNSCrypt* Stamp](#generate-stamp)
* [Configuring Devices To Use *DNSCrypt*](#configure-devices)
Since v0.105.0, AdGuard Home is able to work as a DNSCrypt server. However, this feature is only available via configuration file, you cannot set it up using the Web UI. This guide explains how to do this.
**Since v0.105.0**, AdGuard Home is able to work as a DNSCrypt server. However,
this feature is only available via configuration file, you cannot set it up
using the Web UI. This guide explains how to do this.
<a id="generate-config"></a>
## <a href="#generate-config" id="#generate-config" name="generate-config">Generating A Configuration File</a>
## Generating A Configuration File
Here is how to generate a DNSCrypt configuration file and point AdGuard Home to
it:
Here is how to generate a *DNSCrypt* configuration file and point *AdGuardHome*
to it:
1. **Important!** Make sure that your TLS settings are valid and encryption is
enabled.
1. Get the latest version of the [`dnscrypt`] utility for your system.
2. Run:
1. Run:
```sh
$ dnscrypt generate --provider-name '2.dnscrypt-cert.example.org' --out ./dnscrypt.yaml
dnscrypt generate --provider-name '2.dnscrypt-cert.example.org' --out ./dnscrypt.yaml
```
Where `example.org` is the name of your host and `./dnscrypt.yaml` is the
name of the configuration output file.
3. Before changing the configuration file, it is important to **stop AdGuard Home**.
In your *AdGuardHome* configuration file (typically `AdGuardHome.yaml`), add
the following lines:
1. Before changing the configuration file, it is important to **stop AdGuard
Home**. In your *AdGuardHome* configuration file (typically
`AdGuardHome.yaml`), add the following lines:
```yaml
'tls':
# N.B. The encryption must be enabled.
'enabled': true
# …
'port_dnscrypt': 5443
'dnscrypt_config_file': './dnscrypt.yaml'
@ -38,17 +45,19 @@ to it:
[`dnscrypt`]: https://github.com/ameshkov/dnscrypt/releases
<a id="generate-stamp"></a>
## Generating A *DNSCrypt* Stamp
## <a href="#generate-stamp" id="generate-stamp" name="generate-stamp">Generating A DNSCrypt Stamp</a>
Here is how to generate a *DNSCrypt* stamp and check your installation:
1. Go to <https://dnscrypt.info/stamps/>.
2. Enter the data from your *DNSCrypt* configuration file. The *Provider
public key* is the value of the `public_key` field in your *DNSCrypt*
configuration file. **Do not forget** to enter the host with your custom port!
3. Now you have a stamp that looks something like this:
1. Enter the data from your DNSCrypt configuration file. The *Provider public
key* is the value of the `public_key` field in your DNSCrypt configuration
file. **Do not forget** to enter the host with your custom port!
1. Now you have a stamp that looks something like this:
```none
sdns://AQcAAAAAAAAADTEyNy4wLjAuMTo0NDMg8R3bzEgX5UOEX93Uy4gYSbZCJvPeOXYlZp2HuRm8T7AbMi5kbnNjcnlwdC1jZXJ0LmV4YW1wbGUub3Jn
@ -57,7 +66,7 @@ Here is how to generate a *DNSCrypt* stamp and check your installation:
Check your installation by running:
```sh
$ dnscrypt lookup-stamp\
dnscrypt lookup-stamp\
--domain 'example.com'\
--stamp 'sdns://AQcAAAAAAAAADTEyNy4wLjAuMTo0NDMg8R3bzEgX5UOEX93Uy4gYSbZCJvPeOXYlZp2HuRm8T7AbMi5kbnNjcnlwdC1jZXJ0LmV4YW1wbGUub3Jn'\
--type 'a'
@ -65,15 +74,32 @@ Here is how to generate a *DNSCrypt* stamp and check your installation:
Where `example.com` is the domain name to lookup.
<a id="configure-devices"></a>
## Configuring Devices To Use *DNSCrypt*
- **All platforms:** [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) (reference implementation) - DNSCrypt-Proxy is a command-line proxy for Linux, BSD, Windows, MacOS, Android and more.
- **Android:** [AdGuard for Android](https://adguard.com/en/adguard-android/overview.html) supports `DNSCrypt`.
- **iOS:** [AdGuard for iOS](https://adguard.com/en/adguard-ios/overview.html) supports `DNSCrypt`.
- **iOS:** [DNSCloak](https://itunes.apple.com/app/id1452162351) uses dnscrypt-proxy internally and supports `DNSCrypt`.
- **Windows:** [AdGuard for Windows](https://adguard.com/en/adguard-windows/overview.html) supports `DNSCrypt`.
- **Windows:** [Simple DNSCrypt](https://simplednscrypt.org/) is a simple management tool to configure and run dnscrypt-proxy on Windows.
## <a href="#configure-devices" id="configure-devices" name="configure-devices">Configuring Devices To Use DNSCrypt</a>
You can find more implementations on the [DNSCrypt website](https://dnscrypt.info/implementations).
* **All platforms:** [`dnscrypt-proxy`][prox] (reference implementation).
DNSCrypt-Proxy is a command-line proxy for Linux, BSD, Windows, MacOS,
Android, and more.
* **Android:** [AdGuard for Android][andr] supports DNSCrypt.
* **iOS:** [AdGuard for iOS][ios] supports DNSCrypt.
* **iOS:** [DNSCloak][cloa] uses `dnscrypt-proxy` internally and supports
DNSCrypt.
* **Windows:** [AdGuard for Windows][win] supports DNSCrypt.
* **Windows:** [Simple DNSCrypt][simp] is a simple management tool to
configure and run `dnscrypt-proxy` on Windows.
You can find more implementations on the [DNSCrypt website][info].
[andr]: https://adguard.com/en/adguard-android/overview.html
[cloa]: https://itunes.apple.com/app/id1452162351
[info]: https://dnscrypt.info/implementations
[ios]: https://adguard.com/en/adguard-ios/overview.html
[prox]: https://github.com/DNSCrypt/dnscrypt-proxy
[simp]: https://simplednscrypt.org/
[win]: https://adguard.com/en/adguard-windows/overview.html