DNSCrypt: standardize, add info about tls.enabled
parent
3d75334d43
commit
4eb34607aa
84
DNSCrypt.md
84
DNSCrypt.md
|
@ -1,33 +1,40 @@
|
||||||
# AdGuard Home - DNSCrypt
|
# AdGuard Home - DNSCrypt
|
||||||
|
|
||||||
1. [Generating A Configuration File](#generate-config)
|
* [Generating A Configuration File](#generate-config)
|
||||||
2. [Generating A *DNSCrypt* Stamp](#generate-stamp)
|
* [Generating A *DNSCrypt* Stamp](#generate-stamp)
|
||||||
3. [Configuring Devices To Use *DNSCrypt*](#configure-devices)
|
* [Configuring Devices To Use *DNSCrypt*](#configure-devices)
|
||||||
|
|
||||||
Since v0.105.0, AdGuard Home is able to work as a DNSCrypt server. However, this feature is only available via configuration file, you cannot set it up using the Web UI. This guide explains how to do this.
|
**Since v0.105.0**, AdGuard Home is able to work as a DNSCrypt server. However,
|
||||||
|
this feature is only available via configuration file, you cannot set it up
|
||||||
|
using the Web UI. This guide explains how to do this.
|
||||||
|
|
||||||
<a id="generate-config"></a>
|
## <a href="#generate-config" id="#generate-config" name="generate-config">Generating A Configuration File</a>
|
||||||
|
|
||||||
## Generating A Configuration File
|
Here is how to generate a DNSCrypt configuration file and point AdGuard Home to
|
||||||
|
it:
|
||||||
|
|
||||||
Here is how to generate a *DNSCrypt* configuration file and point *AdGuardHome*
|
1. **Important!** Make sure that your TLS settings are valid and encryption is
|
||||||
to it:
|
enabled.
|
||||||
|
|
||||||
1. Get the latest version of the [`dnscrypt`] utility for your system.
|
1. Get the latest version of the [`dnscrypt`] utility for your system.
|
||||||
2. Run:
|
|
||||||
|
1. Run:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
$ dnscrypt generate --provider-name '2.dnscrypt-cert.example.org' --out ./dnscrypt.yaml
|
dnscrypt generate --provider-name '2.dnscrypt-cert.example.org' --out ./dnscrypt.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
Where `example.org` is the name of your host and `./dnscrypt.yaml` is the
|
Where `example.org` is the name of your host and `./dnscrypt.yaml` is the
|
||||||
name of the configuration output file.
|
name of the configuration output file.
|
||||||
3. Before changing the configuration file, it is important to **stop AdGuard Home**.
|
|
||||||
In your *AdGuardHome* configuration file (typically `AdGuardHome.yaml`), add
|
1. Before changing the configuration file, it is important to **stop AdGuard
|
||||||
the following lines:
|
Home**. In your *AdGuardHome* configuration file (typically
|
||||||
|
`AdGuardHome.yaml`), add the following lines:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
'tls':
|
'tls':
|
||||||
|
# N.B. The encryption must be enabled.
|
||||||
|
'enabled': true
|
||||||
# …
|
# …
|
||||||
'port_dnscrypt': 5443
|
'port_dnscrypt': 5443
|
||||||
'dnscrypt_config_file': './dnscrypt.yaml'
|
'dnscrypt_config_file': './dnscrypt.yaml'
|
||||||
|
@ -38,17 +45,19 @@ to it:
|
||||||
|
|
||||||
[`dnscrypt`]: https://github.com/ameshkov/dnscrypt/releases
|
[`dnscrypt`]: https://github.com/ameshkov/dnscrypt/releases
|
||||||
|
|
||||||
<a id="generate-stamp"></a>
|
|
||||||
|
|
||||||
## Generating A *DNSCrypt* Stamp
|
|
||||||
|
## <a href="#generate-stamp" id="generate-stamp" name="generate-stamp">Generating A DNSCrypt Stamp</a>
|
||||||
|
|
||||||
Here is how to generate a *DNSCrypt* stamp and check your installation:
|
Here is how to generate a *DNSCrypt* stamp and check your installation:
|
||||||
|
|
||||||
1. Go to <https://dnscrypt.info/stamps/>.
|
1. Go to <https://dnscrypt.info/stamps/>.
|
||||||
2. Enter the data from your *DNSCrypt* configuration file. The *Provider
|
|
||||||
public key* is the value of the `public_key` field in your *DNSCrypt*
|
1. Enter the data from your DNSCrypt configuration file. The *Provider public
|
||||||
configuration file. **Do not forget** to enter the host with your custom port!
|
key* is the value of the `public_key` field in your DNSCrypt configuration
|
||||||
3. Now you have a stamp that looks something like this:
|
file. **Do not forget** to enter the host with your custom port!
|
||||||
|
|
||||||
|
1. Now you have a stamp that looks something like this:
|
||||||
|
|
||||||
```none
|
```none
|
||||||
sdns://AQcAAAAAAAAADTEyNy4wLjAuMTo0NDMg8R3bzEgX5UOEX93Uy4gYSbZCJvPeOXYlZp2HuRm8T7AbMi5kbnNjcnlwdC1jZXJ0LmV4YW1wbGUub3Jn
|
sdns://AQcAAAAAAAAADTEyNy4wLjAuMTo0NDMg8R3bzEgX5UOEX93Uy4gYSbZCJvPeOXYlZp2HuRm8T7AbMi5kbnNjcnlwdC1jZXJ0LmV4YW1wbGUub3Jn
|
||||||
|
@ -57,7 +66,7 @@ Here is how to generate a *DNSCrypt* stamp and check your installation:
|
||||||
Check your installation by running:
|
Check your installation by running:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
$ dnscrypt lookup-stamp\
|
dnscrypt lookup-stamp\
|
||||||
--domain 'example.com'\
|
--domain 'example.com'\
|
||||||
--stamp 'sdns://AQcAAAAAAAAADTEyNy4wLjAuMTo0NDMg8R3bzEgX5UOEX93Uy4gYSbZCJvPeOXYlZp2HuRm8T7AbMi5kbnNjcnlwdC1jZXJ0LmV4YW1wbGUub3Jn'\
|
--stamp 'sdns://AQcAAAAAAAAADTEyNy4wLjAuMTo0NDMg8R3bzEgX5UOEX93Uy4gYSbZCJvPeOXYlZp2HuRm8T7AbMi5kbnNjcnlwdC1jZXJ0LmV4YW1wbGUub3Jn'\
|
||||||
--type 'a'
|
--type 'a'
|
||||||
|
@ -65,15 +74,32 @@ Here is how to generate a *DNSCrypt* stamp and check your installation:
|
||||||
|
|
||||||
Where `example.com` is the domain name to lookup.
|
Where `example.com` is the domain name to lookup.
|
||||||
|
|
||||||
<a id="configure-devices"></a>
|
|
||||||
|
|
||||||
## Configuring Devices To Use *DNSCrypt*
|
|
||||||
|
|
||||||
- **All platforms:** [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) (reference implementation) - DNSCrypt-Proxy is a command-line proxy for Linux, BSD, Windows, MacOS, Android and more.
|
## <a href="#configure-devices" id="configure-devices" name="configure-devices">Configuring Devices To Use DNSCrypt</a>
|
||||||
- **Android:** [AdGuard for Android](https://adguard.com/en/adguard-android/overview.html) supports `DNSCrypt`.
|
|
||||||
- **iOS:** [AdGuard for iOS](https://adguard.com/en/adguard-ios/overview.html) supports `DNSCrypt`.
|
|
||||||
- **iOS:** [DNSCloak](https://itunes.apple.com/app/id1452162351) uses dnscrypt-proxy internally and supports `DNSCrypt`.
|
|
||||||
- **Windows:** [AdGuard for Windows](https://adguard.com/en/adguard-windows/overview.html) supports `DNSCrypt`.
|
|
||||||
- **Windows:** [Simple DNSCrypt](https://simplednscrypt.org/) is a simple management tool to configure and run dnscrypt-proxy on Windows.
|
|
||||||
|
|
||||||
You can find more implementations on the [DNSCrypt website](https://dnscrypt.info/implementations).
|
* **All platforms:** [`dnscrypt-proxy`][prox] (reference implementation).
|
||||||
|
DNSCrypt-Proxy is a command-line proxy for Linux, BSD, Windows, MacOS,
|
||||||
|
Android, and more.
|
||||||
|
|
||||||
|
* **Android:** [AdGuard for Android][andr] supports DNSCrypt.
|
||||||
|
|
||||||
|
* **iOS:** [AdGuard for iOS][ios] supports DNSCrypt.
|
||||||
|
|
||||||
|
* **iOS:** [DNSCloak][cloa] uses `dnscrypt-proxy` internally and supports
|
||||||
|
DNSCrypt.
|
||||||
|
|
||||||
|
* **Windows:** [AdGuard for Windows][win] supports DNSCrypt.
|
||||||
|
|
||||||
|
* **Windows:** [Simple DNSCrypt][simp] is a simple management tool to
|
||||||
|
configure and run `dnscrypt-proxy` on Windows.
|
||||||
|
|
||||||
|
You can find more implementations on the [DNSCrypt website][info].
|
||||||
|
|
||||||
|
[andr]: https://adguard.com/en/adguard-android/overview.html
|
||||||
|
[cloa]: https://itunes.apple.com/app/id1452162351
|
||||||
|
[info]: https://dnscrypt.info/implementations
|
||||||
|
[ios]: https://adguard.com/en/adguard-ios/overview.html
|
||||||
|
[prox]: https://github.com/DNSCrypt/dnscrypt-proxy
|
||||||
|
[simp]: https://simplednscrypt.org/
|
||||||
|
[win]: https://adguard.com/en/adguard-windows/overview.html
|
||||||
|
|
Loading…
Reference in New Issue