Pull request: add DNSCrypt.md

Merge in DNS/adguard-home-wiki from 2377-dnscrypt to master

Closes #2377.
Updates #1361.

Squashed commit of the following:

commit 45347ecd32d59842c63ceca84b8bb7ff4f971861
Author: Andrey Meshkov <am@adguard.com>
Date:   Mon Dec 7 17:51:03 2020 +0300

    Added DNSCrypt clients, some minor improvements

commit 95568c19d9b529d649e621f732c0d0ec5cc7bf4b
Merge: 033e504 4cd04b5
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Wed Dec 2 17:43:10 2020 +0300

    Merge branch 'master' into 2377-dnscrypt

commit 033e504d72604482a1a555427828b5b05a8a439c
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Mon Nov 30 21:15:43 2020 +0300

    add DNSCrypt.md
Ainar Garipov 2020-12-07 17:55:01 +03:00
parent 4cd04b5f38
commit ba710e1f23
5 changed files with 107 additions and 11 deletions

@ -243,8 +243,14 @@ Settings are stored in [YAML format](https://en.wikipedia.org/wiki/YAML), possib
- `enabled` - encryption (DOT/DOH/HTTPS) status. - `enabled` - encryption (DOT/DOH/HTTPS) status.
- `server_name` - the hostname of your HTTPS/TLS server. - `server_name` - the hostname of your HTTPS/TLS server.
- `force_https` - if true, forces HTTP->HTTPS redirect. - `force_https` - if true, forces HTTP->HTTPS redirect.
- `port_https` - HTTPS port. If 0, HTTPS will be disabled. - `port_https` - HTTPS port. If `0`, HTTPS is disabled.
- `port_dns_over_tls` - DNS-over-TLS port. If 0, DOT will be disabled. - `port_dns_over_tls` - DNS-over-TLS port. If `0`, DOT is disabled.
- `port_dns_over_quic` - DNS-over-QUIC port. If `0`, DOQ is disabled.
- `port_dnscrypt` - DNSCrypt port. If `0`, DNSCrypt is disabled. See
[DNSCrypt] for more information and examples.
- `dnscrypt_config_file` - DNSCrypt configuration file path. **Must** be set
if `port_dnscrypt` is not `0`. See the [`dnscrypt`] utility documentation
for examples of configuration generation.
- `allow_unencrypted_doh` - Allow DOH queries via unencrypted HTTP (e.g. for reverse proxying) - `allow_unencrypted_doh` - Allow DOH queries via unencrypted HTTP (e.g. for reverse proxying)
- `certificate_chain` - PEM-encoded certificates chain. - `certificate_chain` - PEM-encoded certificates chain.
- `strict_sni_check` - Reject connection if the client uses server name (in SNI) that doesn't match the certificate - `strict_sni_check` - Reject connection if the client uses server name (in SNI) that doesn't match the certificate
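Review bot: the new `dnscrypt_config_file` entry says the path **Must** be set when `port_dnscrypt` is not `0`, but it does not say how a relative path such as the `./dnscrypt.yaml` used in DNSCrypt.md is resolved (against the working directory or against the location of `AdGuardHome.yaml`), which matters when a service manager starts the binary from a different directory. Suggest stating that, and adding one sentence that the generated file holds the server's DNSCrypt private key material, so it should be readable only by the account AdGuard Home runs as.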
@ -262,6 +268,9 @@ Settings are stored in [YAML format](https://en.wikipedia.org/wiki/YAML), possib
Removing an entry from settings file will reset it to the default value. Deleting the file will reset all settings to the default values. Removing an entry from settings file will reset it to the default value. Deleting the file will reset all settings to the default values.
[DNSCrypt]: https://github.com/AdguardTeam/AdGuardHome/wiki/DNSCrypt
[`dnscrypt`]: https://github.com/ameshkov/dnscrypt
<a id="password-reset"></a> <a id="password-reset"></a>
## Reset Web Password ## Reset Web Password
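Review bot: the new `[DNSCrypt]` reference uses the absolute URL `https://github.com/AdguardTeam/AdGuardHome/wiki/DNSCrypt`, while the rest of this change links wiki pages relatively (`[Read this](DNSCrypt)` in Encryption.md, `(DNSCrypt)` in Home.md and _Sidebar.md). Use the relative form here too so the link keeps working if the wiki is mirrored or the repository moves.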

76
DNSCrypt.md Normal file

@ -0,0 +1,76 @@
# *AdGuard Home* - *DNSCrypt*
1. [Generating A Configuration File](#generate-config)
2. [Generating A *DNSCrypt* Stamp](#generate-stamp)
3. [Configuring Devices To Use *DNSCrypt*](#configure-devices)
<a id="generate-config"></a>
## Generating A Configuration File
Here is how to generate a *DNSCrypt* configuration file and point *AdGuardHome*
to it:
1. Get the latest version of the [`dnscrypt`] utility for your system.
2. Run:
```sh
$ dnscrypt generate --provider-name '2.dnscrypt-cert.example.org' --out ./dnscrypt.yaml
```
Where `example.org` is the name of your host and `./dnscrypt.yaml` is the
name of the configuration output file.
3. In your *AdGuardHome* configuration file (typically `AdGuardHome.yaml`), add
the following lines:
```yaml
'tls':
# …
'port_dnscrypt': 5443
'dnscrypt_config_file': './dnscrypt.yaml'
```
Where `5443` is the port for your *DNSCrypt* server and `./dnscrypt.yaml` is
the name of the configuration file generated in step 2.
[`dnscrypt`]: https://github.com/ameshkov/dnscrypt/releases
<a id="generate-stamp"></a>
## Generating A *DNSCrypt* Stamp
Here is how to generate a *DNSCrypt* stamp and check your installation:
1. Go to <https://dnscrypt.info/stamps/>.
2. Enter the data from your *DNSCrypt* configuration file. The *Provider
public key* is the value of the `public_key` field in your *DNSCrypt*
configuration file. **Do not forget** to enter the host with your custom port!
3. Now you have a stamp that looks something like this:
```none
sdns://AQcAAAAAAAAADTEyNy4wLjAuMTo0NDMg8R3bzEgX5UOEX93Uy4gYSbZCJvPeOXYlZp2HuRm8T7AbMi5kbnNjcnlwdC1jZXJ0LmV4YW1wbGUub3Jn
```
Check your installation by running:
```sh
$ dnscrypt lookup-stamp\
--domain 'example.com'\
--stamp 'sdns://AQcAAAAAAAAADTEyNy4wLjAuMTo0NDMg8R3bzEgX5UOEX93Uy4gYSbZCJvPeOXYlZp2HuRm8T7AbMi5kbnNjcnlwdC1jZXJ0LmV4YW1wbGUub3Jn'\
--type 'a'
```
Where `example.com` is the domain name to lookup.
<a id="configure-devices"></a>
## Configuring Devices To Use *DNSCrypt*
- **All platforms:** [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) (reference implementation) - DNSCrypt-Proxy is a command-line proxy for Linux, BSD, Windows, MacOS, Android and more.
- **Android:** [AdGuard for Android](https://adguard.com/en/adguard-android/overview.html) supports `DNSCrypt`.
- **iOS:** [AdGuard for iOS](https://adguard.com/en/adguard-ios/overview.html) supports `DNSCrypt`.
- **iOS:** [DNSCloak](https://itunes.apple.com/app/id1452162351) uses dnscrypt-proxy internally and supports `DNSCrypt`.
- **Windows:** [AdGuard for Windows](https://adguard.com/en/adguard-windows/overview.html) supports `DNSCrypt`.
- **Windows:** [Simple DNSCrypt](https://simplednscrypt.org/) is a simple management tool to configure and run dnscrypt-proxy on Windows.
You can find more implementations on the [DNSCrypt website](https://dnscrypt.info/implementations).
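Review bot: the sample stamp in the Generating A Stamp section decodes to the address `127.0.0.1:443`, but step 3 of the configuration section puts the DNSCrypt listener on port `5443`, so a reader who follows both sections verbatim ends up with a stamp that does not match their server; either regenerate the sample for `127.0.0.1:5443` or say that the sample was built for a different port (the bold "Do not forget to enter the host with your custom port" makes the mismatch more confusing, not less). Step 2 would also benefit from one sentence that only the `public_key` value is pasted into the web form and that the private key in the generated file never leaves the server. Minor: the `lookup-stamp` command has no space before its trailing backslashes (`dnscrypt lookup-stamp\`); sh accepts it, but `lookup-stamp \` reads as intended rather than as a typo.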

@ -4,7 +4,9 @@ We are proud to say that AdGuard Home supports all modern DNS encryption protoco
- [DNS-over-HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) - [DNS-over-HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS)
- [DNS-over-TLS](https://en.wikipedia.org/wiki/DNS_over_TLS) - [DNS-over-TLS](https://en.wikipedia.org/wiki/DNS_over_TLS)
- [DNSCrypt](https://dnscrypt.info/) (upstreams only) - [DNS-over-QUIC](https://tools.ietf.org/html/draft-ietf-dprive-dnsoquic-01)
> AdGuard Home also supports [DNSCrypt](https://dnscrypt.info/) (both client-side and server-side). [Read this](DNSCrypt) to learn about configuring AdGuard Home as a DNSCrypt server.
In this guide we will explain how to setup your own "Secure DNS" server with AdGuard Home. In this guide we will explain how to setup your own "Secure DNS" server with AdGuard Home.
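Review bot: the DNS-over-QUIC link pins draft revision `-01` (`draft-ietf-dprive-dnsoquic-01`); link the draft without the revision suffix so the page follows the current version instead of going stale. Style point: after dropping "(upstreams only)" from the list, DNSCrypt is now the one supported protocol that lives in a blockquote aside rather than in the "all modern DNS encryption protocols" list; a fourth bullet with the same link to the DNSCrypt page would read more consistently.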
@ -98,20 +100,26 @@ There's also a really nice and easy-to-use alternative to CertBot called [lego](
## Configure your devices ## Configure your devices
Please note that encrypted DNS protocols are supported only on Android 9. So you need to install additional software for other operating systems.
Here's a list of software you can use.
### Android ### Android
- Android 9 supports DNS-over-TLS natively. To configure it, go to Settings → Network & internet → Advanced → Private DNS and enter your domain name there. - Android 9 supports `DNS-over-TLS` natively. To configure it, go to Settings → Network & internet → Advanced → Private DNS and enter your domain name there.
- [AdGuard for Android](https://adguard.com/en/adguard-android/overview.html) supports `DNS-over-HTTPS` and `DNS-over-TLS`. - [AdGuard for Android](https://adguard.com/en/adguard-android/overview.html) supports `DNS-over-HTTPS`, `DNS-over-TLS`, `DNSCrypt` and `DNS-over-QUIC`.
- [Intra](https://getintra.org/) adds `DNS-over-HTTPS` support to Android. - [Intra](https://getintra.org/) adds `DNS-over-HTTPS` support to Android.
### iOS ### iOS
- iOS 14 and higher support `DNS-over-TLS` and `DNS-over-HTTPS` natively via configuration profiles. In order to make things easier, AdGuard Home can generate these configuration profiles for you. Just head to "Setup Guide" -> "DNS Privacy" and scroll to iOS.
- [AdGuard for iOS](https://adguard.com/en/adguard-ios/overview.html) supports `DNS-over-HTTPS`, `DNS-over-TLS`, `DNSCrypt` and `DNS-over-QUIC`.
- [DNSCloak](https://itunes.apple.com/app/id1452162351) supports `DNS-over-HTTPS` but in order to configure it to use your own server, you'll need to generate a [DNS Stamp](https://dnscrypt.info/stamps) for it. - [DNSCloak](https://itunes.apple.com/app/id1452162351) supports `DNS-over-HTTPS` but in order to configure it to use your own server, you'll need to generate a [DNS Stamp](https://dnscrypt.info/stamps) for it.
- [AdGuard for iOS](https://adguard.com/en/adguard-ios/overview.html) supports `DNS-over-HTTPS` and `DNS-over-TLS`.
### Windows
- Windows 10 Build 19628 and higher support `DNS-over-HTTPS` natively.
- [AdGuard for Windows](https://adguard.com/en/adguard-windows/overview.html) supports `DNS-over-HTTPS`, `DNS-over-TLS`, `DNSCrypt` and `DNS-over-QUIC`.
### MacOS
- MacOS Big Sur and higher support `DNS-over-TLS` and `DNS-over-HTTPS` natively via configuration profiles. In order to make things easier, AdGuard Home can generate these configuration profiles for you. Just head to "Setup Guide" -> "DNS Privacy" and scroll to iOS.
### Other implementations ### Other implementations
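Review bot: the new MacOS entry ends with "scroll to iOS", copied from the iOS entry above; if the Setup Guide has a separate macOS entry, point to it, otherwise say explicitly that the iOS profile applies to macOS as well. Apple spells it `macOS`, not `MacOS`, in this heading and in the DNSCrypt.md client list. Also, removing the sentence about Android 9 being the only platform with native support leaves "Here's a list of software you can use." as the whole introduction, although several of the entries below (Android 9, iOS 14, Windows 10 Build 19628, Big Sur) describe native support that needs no extra software; a short replacement sentence would make that clear.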
@ -119,4 +127,5 @@ Here's a list of software you can use.
- [dnsproxy](https://github.com/AdguardTeam/dnsproxy) supports all known secure DNS protocols. - [dnsproxy](https://github.com/AdguardTeam/dnsproxy) supports all known secure DNS protocols.
- [dnscrypt-proxy](https://github.com/jedisct1/dnscrypt-proxy) supports `DNS-over-HTTPS`. - [dnscrypt-proxy](https://github.com/jedisct1/dnscrypt-proxy) supports `DNS-over-HTTPS`.
- [Mozilla Firefox](https://www.mozilla.org/firefox/) supports `DNS-over-HTTPS`. - [Mozilla Firefox](https://www.mozilla.org/firefox/) supports `DNS-over-HTTPS`.
- You will find more implementations [here](https://dnscrypt.info/implementations) and [here](https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Clients).
You can find more implementations [here](https://dnscrypt.info/implementations) and [here](https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Clients).
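Review bot: `dnscrypt-proxy` is linked as `jedisct1/dnscrypt-proxy` in this list but as `DNSCrypt/dnscrypt-proxy` in the new DNSCrypt.md; the project lives under the DNSCrypt organization now, so use that URL in both places. This entry also credits dnscrypt-proxy with `DNS-over-HTTPS` only, while DNSCrypt.md calls it the DNSCrypt reference implementation; add `DNSCrypt` here so the two pages agree.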

@ -29,6 +29,7 @@ The wiki was just recently created, so there isn't much content (yet).
* [Configuration](Configuration) * [Configuration](Configuration)
* [Comparing AdGuard Home to other solutions](Comparison) * [Comparing AdGuard Home to other solutions](Comparison)
* [AdGuard Home as a DNS-over-HTTPS or DNS-over-TLS server](Encryption) * [AdGuard Home as a DNS-over-HTTPS or DNS-over-TLS server](Encryption)
* [AdGuard Home as a DNSCrypt server](DNSCrypt)
* [How to install and run AdGuard Home on Raspberry Pi](Raspberry-Pi) * [How to install and run AdGuard Home on Raspberry Pi](Raspberry-Pi)
* [How to install and run AdGuard Home on a Virtual Private Server](VPS) * [How to install and run AdGuard Home on a Virtual Private Server](VPS)
* [OpenRC service-script](OpenRC) * [OpenRC service-script](OpenRC)
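Review bot: the entry directly above the new line still titles the Encryption page "AdGuard Home as a DNS-over-HTTPS or DNS-over-TLS server", although this same change adds DNS-over-QUIC to that page's protocol list; retitle it here and in _Sidebar.md (which receives the identical new line) so the index names all three protocols the page now covers.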

@ -6,6 +6,7 @@
* [Configuration](Configuration) * [Configuration](Configuration)
* [Comparing AdGuard Home to other solutions](Comparison) * [Comparing AdGuard Home to other solutions](Comparison)
* [AdGuard Home as a DNS-over-HTTPS or DNS-over-TLS server](Encryption) * [AdGuard Home as a DNS-over-HTTPS or DNS-over-TLS server](Encryption)
* [AdGuard Home as a DNSCrypt server](DNSCrypt)
* [How to install and run AdGuard Home on Raspberry Pi](Raspberry-Pi) * [How to install and run AdGuard Home on Raspberry Pi](Raspberry-Pi)
* [How to install and run AdGuard Home on a Virtual Private Server](VPS) * [How to install and run AdGuard Home on a Virtual Private Server](VPS)
* [OpenRC service-script](OpenRC) * [OpenRC service-script](OpenRC)