Pull request: add DNSCrypt.md
Merge in DNS/adguard-home-wiki from 2377-dnscrypt to master

Closes #2377.
Updates #1361.

Squashed commit of the following:

commit 45347ecd32d59842c63ceca84b8bb7ff4f971861
Author: Andrey Meshkov <am@adguard.com>
Date: Mon Dec 7 17:51:03 2020 +0300

    Added DNSCrypt clients, some minor improvements

commit 95568c19d9b529d649e621f732c0d0ec5cc7bf4b
Merge: 033e504 4cd04b5
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date: Wed Dec 2 17:43:10 2020 +0300

    Merge branch 'master' into 2377-dnscrypt

commit 033e504d72604482a1a555427828b5b05a8a439c
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date: Mon Nov 30 21:15:43 2020 +0300

    add DNSCrypt.md
parent
4cd04b5f38
commit
ba710e1f23
|
@ -243,8 +243,14 @@ Settings are stored in [YAML format](https://en.wikipedia.org/wiki/YAML), possib
|
|||
- `enabled` - encryption (DOT/DOH/HTTPS) status.
|
||||
- `server_name` - the hostname of your HTTPS/TLS server.
|
||||
- `force_https` - if true, forces HTTP->HTTPS redirect.
|
||||
- `port_https` - HTTPS port. If 0, HTTPS will be disabled.
|
||||
- `port_dns_over_tls` - DNS-over-TLS port. If 0, DOT will be disabled.
|
||||
- `port_https` - HTTPS port. If `0`, HTTPS is disabled.
|
||||
- `port_dns_over_tls` - DNS-over-TLS port. If `0`, DOT is disabled.
|
||||
- `port_dns_over_quic` - DNS-over-QUIC port. If `0`, DOQ is disabled.
|
||||
- `port_dnscrypt` - DNSCrypt port. If `0`, DNSCrypt is disabled. See
|
||||
[DNSCrypt] for more information and examples.
|
||||
- `dnscrypt_config_file` - DNSCrypt configuration file path. **Must** be set
|
||||
if `port_dnscrypt` is not `0`. See the [`dnscrypt`] utility documentation
|
||||
for examples of configuration generation.
|
||||
- `allow_unencrypted_doh` - Allow DOH queries via unencrypted HTTP (e.g. for reverse proxying)
|
||||
- `certificate_chain` - PEM-encoded certificates chain.
|
||||
- `strict_sni_check` - Reject connection if the client uses server name (in SNI) that doesn't match the certificate
|
||||
|
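Review bot: The `enabled` entry at the top of this list still reads "encryption (DOT/DOH/HTTPS) status", but the list now also documents `port_dns_over_quic` and `port_dnscrypt`. State whether `enabled` governs those two listeners as well and update the parenthetical to match. For `dnscrypt_config_file`, "**Must** be set" does not tell the reader how a missing value shows up; say what happens at startup when `port_dnscrypt` is non-zero and the path is empty, and what a relative path is resolved against.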
@ -262,6 +268,9 @@ Settings are stored in [YAML format](https://en.wikipedia.org/wiki/YAML), possib
|
|||
|
||||
Removing an entry from settings file will reset it to the default value. Deleting the file will reset all settings to the default values.
|
||||
|
||||
[DNSCrypt]: https://github.com/AdguardTeam/AdGuardHome/wiki/DNSCrypt
|
||||
[`dnscrypt`]: https://github.com/ameshkov/dnscrypt
|
||||
|
||||
<a id="password-reset"></a>
|
||||
|
||||
## Reset Web Password
|
||||
|
|
|
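Review bot: The `[DNSCrypt]` reference is defined with an absolute GitHub wiki URL, while the Encryption page in this same change links to the page relatively as `[Read this](DNSCrypt)`. Pick one form for intra-wiki links so they keep working if the wiki is mirrored or moved. The `[`dnscrypt`]` label here targets the repository root, whereas the new DNSCrypt.md defines the same label as the `/releases` page; that works per file but is worth making consistent.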
@ -0,0 +1,76 @@
|
|||
# *AdGuard Home* - *DNSCrypt*
|
||||
|
||||
1. [Generating A Configuration File](#generate-config)
|
||||
2. [Generating A *DNSCrypt* Stamp](#generate-stamp)
|
||||
3. [Configuring Devices To Use *DNSCrypt*](#configure-devices)
|
||||
|
||||
<a id="generate-config"></a>
|
||||
|
||||
## Generating A Configuration File
|
||||
|
||||
Here is how to generate a *DNSCrypt* configuration file and point *AdGuardHome*
|
||||
to it:
|
||||
|
||||
1. Get the latest version of the [`dnscrypt`] utility for your system.
|
||||
2. Run:
|
||||
|
||||
```sh
|
||||
$ dnscrypt generate --provider-name '2.dnscrypt-cert.example.org' --out ./dnscrypt.yaml
|
||||
```
|
||||
|
||||
Where `example.org` is the name of your host and `./dnscrypt.yaml` is the
|
||||
name of the configuration output file.
|
||||
3. In your *AdGuardHome* configuration file (typically `AdGuardHome.yaml`), add
|
||||
the following lines:
|
||||
|
||||
```yaml
|
||||
'tls':
|
||||
# …
|
||||
'port_dnscrypt': 5443
|
||||
'dnscrypt_config_file': './dnscrypt.yaml'
|
||||
```
|
||||
|
||||
Where `5443` is the port for your *DNSCrypt* server and `./dnscrypt.yaml` is
|
||||
the name of the configuration file generated in step 2.
|
||||
|
||||
[`dnscrypt`]: https://github.com/ameshkov/dnscrypt/releases
|
||||
|
||||
<a id="generate-stamp"></a>
|
||||
|
||||
## Generating A *DNSCrypt* Stamp
|
||||
|
||||
Here is how to generate a *DNSCrypt* stamp and check your installation:
|
||||
|
||||
1. Go to <https://dnscrypt.info/stamps/>.
|
||||
2. Enter the data from your *DNSCrypt* configuration file. The *Provider
|
||||
public key* is the value of the `public_key` field in your *DNSCrypt*
|
||||
configuration file. **Do not forget** to enter the host with your custom port!
|
||||
3. Now you have a stamp that looks something like this:
|
||||
|
||||
```none
|
||||
sdns://AQcAAAAAAAAADTEyNy4wLjAuMTo0NDMg8R3bzEgX5UOEX93Uy4gYSbZCJvPeOXYlZp2HuRm8T7AbMi5kbnNjcnlwdC1jZXJ0LmV4YW1wbGUub3Jn
|
||||
```
|
||||
|
||||
Check your installation by running:
|
||||
|
||||
```sh
|
||||
$ dnscrypt lookup-stamp\
|
||||
--domain 'example.com'\
|
||||
--stamp 'sdns://AQcAAAAAAAAADTEyNy4wLjAuMTo0NDMg8R3bzEgX5UOEX93Uy4gYSbZCJvPeOXYlZp2HuRm8T7AbMi5kbnNjcnlwdC1jZXJ0LmV4YW1wbGUub3Jn'\
|
||||
--type 'a'
|
||||
```
|
||||
|
||||
Where `example.com` is the domain name to lookup.
|
||||
|
||||
<a id="configure-devices"></a>
|
||||
|
||||
## Configuring Devices To Use *DNSCrypt*
|
||||
|
||||
- **All platforms:** [dnscrypt-proxy](https://github.com/DNSCrypt/dnscrypt-proxy) (reference implementation) - DNSCrypt-Proxy is a command-line proxy for Linux, BSD, Windows, MacOS, Android and more.
|
||||
- **Android:** [AdGuard for Android](https://adguard.com/en/adguard-android/overview.html) supports `DNSCrypt`.
|
||||
- **iOS:** [AdGuard for iOS](https://adguard.com/en/adguard-ios/overview.html) supports `DNSCrypt`.
|
||||
- **iOS:** [DNSCloak](https://itunes.apple.com/app/id1452162351) uses dnscrypt-proxy internally and supports `DNSCrypt`.
|
||||
- **Windows:** [AdGuard for Windows](https://adguard.com/en/adguard-windows/overview.html) supports `DNSCrypt`.
|
||||
- **Windows:** [Simple DNSCrypt](https://simplednscrypt.org/) is a simple management tool to configure and run dnscrypt-proxy on Windows.
|
||||
|
||||
You can find more implementations on the [DNSCrypt website](https://dnscrypt.info/implementations).
|
|
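Review bot: The sample stamp in step 3 of "Generating A *DNSCrypt* Stamp" does not match the configuration built in the previous section. Decoded, the stamp carries the address `127.0.0.1:443`, while the YAML example sets `'port_dnscrypt': 5443` and step 2 explicitly warns to enter the host with the custom port. A reader who copies the `lookup-stamp` command as written will query port 443 and see a failure that looks like a broken installation. Regenerate the example stamp for port `5443`, or state next to it that it is a placeholder to be replaced with the reader's own stamp.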
@ -4,7 +4,9 @@ We are proud to say that AdGuard Home supports all modern DNS encryption protoco
|
|||
|
||||
- [DNS-over-HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS)
|
||||
- [DNS-over-TLS](https://en.wikipedia.org/wiki/DNS_over_TLS)
|
||||
- [DNSCrypt](https://dnscrypt.info/) (upstreams only)
|
||||
- [DNS-over-QUIC](https://tools.ietf.org/html/draft-ietf-dprive-dnsoquic-01)
|
||||
|
||||
> AdGuard Home also supports [DNSCrypt](https://dnscrypt.info/) (both client-side and server-side). [Read this](DNSCrypt) to learn about configuring AdGuard Home as a DNSCrypt server.
|
||||
|
||||
In this guide we will explain how to setup your own "Secure DNS" server with AdGuard Home.
|
||||
|
||||
|
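Review bot: The link text in the blockquote, `[Read this](DNSCrypt)`, says nothing about its target. Use the page title instead, as Home.md does with `[AdGuard Home as a DNSCrypt server](DNSCrypt)`. The DNS-over-QUIC entry links to one specific draft revision (`draft-ietf-dprive-dnsoquic-01`), which will go stale as the draft advances; a revision-independent link would age better.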
@ -98,20 +100,26 @@ There's also a really nice and easy-to-use alternative to CertBot called [lego](
|
|||
|
||||
## Configure your devices
|
||||
|
||||
Please note that encrypted DNS protocols are supported only on Android 9. So you need to install additional software for other operating systems.
|
||||
|
||||
Here's a list of software you can use.
|
||||
|
||||
### Android
|
||||
|
||||
- Android 9 supports DNS-over-TLS natively. To configure it, go to Settings → Network & internet → Advanced → Private DNS and enter your domain name there.
|
||||
- [AdGuard for Android](https://adguard.com/en/adguard-android/overview.html) supports `DNS-over-HTTPS` and `DNS-over-TLS`.
|
||||
- Android 9 supports `DNS-over-TLS` natively. To configure it, go to Settings → Network & internet → Advanced → Private DNS and enter your domain name there.
|
||||
- [AdGuard for Android](https://adguard.com/en/adguard-android/overview.html) supports `DNS-over-HTTPS`, `DNS-over-TLS`, `DNSCrypt` and `DNS-over-QUIC`.
|
||||
- [Intra](https://getintra.org/) adds `DNS-over-HTTPS` support to Android.
|
||||
|
||||
### iOS
|
||||
|
||||
- iOS 14 and higher support `DNS-over-TLS` and `DNS-over-HTTPS` natively via configuration profiles. In order to make things easier, AdGuard Home can generate these configuration profiles for you. Just head to "Setup Guide" -> "DNS Privacy" and scroll to iOS.
|
||||
- [AdGuard for iOS](https://adguard.com/en/adguard-ios/overview.html) supports `DNS-over-HTTPS`, `DNS-over-TLS`, `DNSCrypt` and `DNS-over-QUIC`.
|
||||
- [DNSCloak](https://itunes.apple.com/app/id1452162351) supports `DNS-over-HTTPS` but in order to configure it to use your own server, you'll need to generate a [DNS Stamp](https://dnscrypt.info/stamps) for it.
|
||||
- [AdGuard for iOS](https://adguard.com/en/adguard-ios/overview.html) supports `DNS-over-HTTPS` and `DNS-over-TLS`.
|
||||
|
||||
### Windows
|
||||
|
||||
- Windows 10 Build 19628 and higher support `DNS-over-HTTPS` natively.
|
||||
- [AdGuard for Windows](https://adguard.com/en/adguard-windows/overview.html) supports `DNS-over-HTTPS`, `DNS-over-TLS`, `DNSCrypt` and `DNS-over-QUIC`.
|
||||
|
||||
### MacOS
|
||||
|
||||
- MacOS Big Sur and higher support `DNS-over-TLS` and `DNS-over-HTTPS` natively via configuration profiles. In order to make things easier, AdGuard Home can generate these configuration profiles for you. Just head to "Setup Guide" -> "DNS Privacy" and scroll to iOS.
|
||||
|
||||
### Other implementations
|
||||
|
||||
|
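Review bot: The MacOS entry ends with "scroll to iOS", which looks copied from the iOS entry above it; name the section a macOS user should actually scroll to, or say that the iOS profile section covers both. The opening sentence "encrypted DNS protocols are supported only on Android 9" also contradicts the native support this hunk documents for iOS 14, Windows 10 Build 19628 and MacOS Big Sur, so it should be dropped or reworded if it is still in the resulting file. Check as well that only one of the two "AdGuard for iOS" bullets remains.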
@ -119,4 +127,5 @@ Here's a list of software you can use.
|
|||
- [dnsproxy](https://github.com/AdguardTeam/dnsproxy) supports all known secure DNS protocols.
|
||||
- [dnscrypt-proxy](https://github.com/jedisct1/dnscrypt-proxy) supports `DNS-over-HTTPS`.
|
||||
- [Mozilla Firefox](https://www.mozilla.org/firefox/) supports `DNS-over-HTTPS`.
|
||||
- You will find more implementations [here](https://dnscrypt.info/implementations) and [here](https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Clients).
|
||||
|
||||
You can find more implementations [here](https://dnscrypt.info/implementations) and [here](https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Clients).
|
||||
|
|
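Review bot: The `dnscrypt-proxy` bullet still says it supports only `DNS-over-HTTPS` and links to `github.com/jedisct1/dnscrypt-proxy`, while the new DNSCrypt.md in this same change calls it the reference implementation for DNSCrypt and links to `github.com/DNSCrypt/dnscrypt-proxy`. Add `DNSCrypt` to the protocols listed here and use the same repository URL on both pages.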
1
Home.md
|
@ -29,6 +29,7 @@ The wiki was just recently created, so there isn't much content (yet).
|
|||
* [Configuration](Configuration)
|
||||
* [Comparing AdGuard Home to other solutions](Comparison)
|
||||
* [AdGuard Home as a DNS-over-HTTPS or DNS-over-TLS server](Encryption)
|
||||
* [AdGuard Home as a DNSCrypt server](DNSCrypt)
|
||||
* [How to install and run AdGuard Home on Raspberry Pi](Raspberry-Pi)
|
||||
* [How to install and run AdGuard Home on a Virtual Private Server](VPS)
|
||||
* [OpenRC service-script](OpenRC)
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
* [Configuration](Configuration)
|
||||
* [Comparing AdGuard Home to other solutions](Comparison)
|
||||
* [AdGuard Home as a DNS-over-HTTPS or DNS-over-TLS server](Encryption)
|
||||
* [AdGuard Home as a DNSCrypt server](DNSCrypt)
|
||||
* [How to install and run AdGuard Home on Raspberry Pi](Raspberry-Pi)
|
||||
* [How to install and run AdGuard Home on a Virtual Private Server](VPS)
|
||||
* [OpenRC service-script](OpenRC)
|
||||
|
|