From 4eb34607aa60c26d493b47308e1d4d6cffda23f7 Mon Sep 17 00:00:00 2001 From: Ainar Garipov Date: Tue, 17 Aug 2021 18:24:02 +0300 Subject: [PATCH] DNSCrypt: standardize, add info about tls.enabled --- DNSCrypt.md | 86 ++++++++++++++++++++++++++++++++++------------------- 1 file changed, 56 insertions(+), 30 deletions(-) diff --git a/DNSCrypt.md b/DNSCrypt.md index 631f00f..661e32a 100644 --- a/DNSCrypt.md +++ b/DNSCrypt.md 
@@ -1,33 +1,40 @@ - # AdGuard Home - DNSCrypt + # AdGuard Home - DNSCrypt -1. [Generating A Configuration File](#generate-config) -2. [Generating A *DNSCrypt* Stamp](#generate-stamp) -3. [Configuring Devices To Use *DNSCrypt*](#configure-devices) + * [Generating A Configuration File](#generate-config) + * [Generating A *DNSCrypt* Stamp](#generate-stamp) + * [Configuring Devices To Use *DNSCrypt*](#configure-devices) -Since v0.105.0, AdGuard Home is able to work as a DNSCrypt server. However, this feature is only available via configuration file, you cannot set it up using the Web UI. This guide explains how to do this. +**Since v0.105.0**, AdGuard Home is able to work as a DNSCrypt server. However, +this feature is only available via configuration file, you cannot set it up +using the Web UI. This guide explains how to do this. - +## Generating A Configuration File -## Generating A Configuration File +Here is how to generate a DNSCrypt configuration file and point AdGuard Home to +it: -Here is how to generate a *DNSCrypt* configuration file and point *AdGuardHome* -to it: +1. **Important!** Make sure that your TLS settings are valid and encryption is + enabled. 1. Get the latest version of the [`dnscrypt`] utility for your system. -2. Run: + +1. Run: ```sh - $ dnscrypt generate --provider-name '2.dnscrypt-cert.example.org' --out ./dnscrypt.yaml + dnscrypt generate --provider-name '2.dnscrypt-cert.example.org' --out ./dnscrypt.yaml ``` Where `example.org` is the name of your host and `./dnscrypt.yaml` is the name of the configuration output file. -3. Before changing the configuration file, it is important to **stop AdGuard Home**. - In your *AdGuardHome* configuration file (typically `AdGuardHome.yaml`), add - the following lines: + +1. Before changing the configuration file, it is important to **stop AdGuard + Home**. In your *AdGuardHome* configuration file (typically + `AdGuardHome.yaml`), add the following lines: ```yaml 'tls': + # N.B. 
The encryption must be enabled. + 'enabled': true # … 'port_dnscrypt': 5443 'dnscrypt_config_file': './dnscrypt.yaml' @@ -38,17 +45,19 @@ to it: [`dnscrypt`]: https://github.com/ameshkov/dnscrypt/releases - -## Generating A *DNSCrypt* Stamp + +## Generating A DNSCrypt Stamp Here is how to generate a *DNSCrypt* stamp and check your installation: 1. Go to . -2. Enter the data from your *DNSCrypt* configuration file. The *Provider - public key* is the value of the `public_key` field in your *DNSCrypt* - configuration file. **Do not forget** to enter the host with your custom port! -3. Now you have a stamp that looks something like this: + +1. Enter the data from your DNSCrypt configuration file. The *Provider public + key* is the value of the `public_key` field in your DNSCrypt configuration + file. **Do not forget** to enter the host with your custom port! + +1. Now you have a stamp that looks something like this: ```none sdns://AQcAAAAAAAAADTEyNy4wLjAuMTo0NDMg8R3bzEgX5UOEX93Uy4gYSbZCJvPeOXYlZp2HuRm8T7AbMi5kbnNjcnlwdC1jZXJ0LmV4YW1wbGUub3Jn @@ -57,7 +66,7 @@ Here is how to generate a *DNSCrypt* stamp and check your installation: Check your installation by running: ```sh - $ dnscrypt lookup-stamp\ + dnscrypt lookup-stamp\ --domain 'example.com'\ --stamp 'sdns://AQcAAAAAAAAADTEyNy4wLjAuMTo0NDMg8R3bzEgX5UOEX93Uy4gYSbZCJvPeOXYlZp2HuRm8T7AbMi5kbnNjcnlwdC1jZXJ0LmV4YW1wbGUub3Jn'\ --type 'a' 
@@ -65,15 +74,32 @@ Here is how to generate a *DNSCrypt* stamp and check your installation: Where `example.com` is the domain name to lookup. - -## Configuring Devices To Use *DNSCrypt* -- **All platforms:** [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) (reference implementation) - DNSCrypt-Proxy is a command-line proxy for Linux, BSD, Windows, MacOS, Android and more. -- **Android:** [AdGuard for Android](https://adguard.com/en/adguard-android/overview.html) supports `DNSCrypt`. -- **iOS:** [AdGuard for iOS](https://adguard.com/en/adguard-ios/overview.html) supports `DNSCrypt`. -- **iOS:** [DNSCloak](https://itunes.apple.com/app/id1452162351) uses dnscrypt-proxy internally and supports `DNSCrypt`. -- **Windows:** [AdGuard for Windows](https://adguard.com/en/adguard-windows/overview.html) supports `DNSCrypt`. -- **Windows:** [Simple DNSCrypt](https://simplednscrypt.org/) is a simple management tool to configure and run dnscrypt-proxy on Windows. +## Configuring Devices To Use DNSCrypt -You can find more implementations on the [DNSCrypt website](https://dnscrypt.info/implementations). + * **All platforms:** [`dnscrypt-proxy`][prox] (reference implementation). + DNSCrypt-Proxy is a command-line proxy for Linux, BSD, Windows, MacOS, + Android, and more. + + * **Android:** [AdGuard for Android][andr] supports DNSCrypt. + + * **iOS:** [AdGuard for iOS][ios] supports DNSCrypt. + + * **iOS:** [DNSCloak][cloa] uses `dnscrypt-proxy` internally and supports + DNSCrypt. + + * **Windows:** [AdGuard for Windows][win] supports DNSCrypt. + + * **Windows:** [Simple DNSCrypt][simp] is a simple management tool to + configure and run `dnscrypt-proxy` on Windows. + +You can find more implementations on the [DNSCrypt website][info]. 
+ +[andr]: https://adguard.com/en/adguard-android/overview.html +[cloa]: https://itunes.apple.com/app/id1452162351 +[info]: https://dnscrypt.info/implementations +[ios]: https://adguard.com/en/adguard-ios/overview.html +[prox]: https://github.com/DNSCrypt/dnscrypt-proxy +[simp]: https://simplednscrypt.org/ +[win]: https://adguard.com/en/adguard-windows/overview.html
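Review bot: the new first step in the `@@ -1,33 +1,40 @@` hunk ("Make sure that your TLS settings are valid and encryption is enabled") and the added YAML comment `# N.B. The encryption must be enabled.` state a requirement without saying what "valid" covers or what the reader will observe when `'enabled'` is not `true`. Suggest adding one sentence that names the symptom and links to the encryption setup guide, so that a reader who skipped the step can tell this cause apart from a wrong port or a wrong stamp. In the same hunk the list still links to `#generate-config`, `#generate-stamp` and `#configure-devices`; please confirm that explicit anchors with those ids remain next to the reworded headings, since ids derived from the heading text would not match them.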
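Review bot: the sample stamp kept as context in the `@@ -38,17 +45,19 @@` hunk decodes to the address `127.0.0.1:443`, while the configuration step sets `'port_dnscrypt': 5443` and the reworded step in this hunk says "**Do not forget** to enter the host with your custom port!". Since the step is being touched anyway, suggest regenerating the sample for a host with `:5443`, or adding a sentence that the sample is illustrative and will not match the reader's server. The same stamp is reused in the `dnscrypt lookup-stamp` command of the following hunk, so a reader who copies that command as written checks port 443 on loopback rather than the listener configured above.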
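Review bot: in the `@@ -65,15 +74,32 @@` hunk the first bullet links the project as `dnscrypt-proxy` and then calls it "DNSCrypt-Proxy" in the next sentence, which works against the standardization this commit is doing. Suggest using `dnscrypt-proxy` in both places, as the DNSCloak and Simple DNSCrypt bullets already do, and writing "macOS" instead of "MacOS" in the platform list while the line is being rewrapped.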