This will be a super simple and easy to follow guide to get you using DNSCrypt and utilize DNSSEC with AdGuard Home and/or Pi-hole on Linux.
1: Open your terminal of choice or ssh into the machine
sudo su to become superuser
cd /opt since this is where we install DNSCrypt
4: You need to download the latest binaries from GitHub with
wget in this example we will use the 64bit version (since that is most common)
4.5: THIS ISN'T THE LINK YOU USE, use the latest release that is for your system
wget is the correct tool for the job, this is how you download the file
tar xzvf dnscrypt-proxy-linux_x86_64=2.0.46-beta3.tar.gz or whichever you have to download for your system
mv linux-x86_64 dnscrypt-proxy or whichever is for your system, could be
linuxi386 or whatever you downloaded for your system.
7: Delete the tar file with
rm dnscrypt-proxy-linux_x86_64=2.0.46-beta3.tar.gz or whichever file you have downloaded.
cd into the new directory with
mv to rename the example to the config file we are going to use.
mv example-dnscrypt-proxy.toml dnscrypt-proxy.toml
9.5: Now we are going to edit the newly created
.toml file with our editor of choice, in this example I will use Vim but you can use nano, emacs, etc.
vim dnscrypt-proxy.toml to begin editing the config file. This is a long file and mostly complete I will guide you through the lines you have to change.
listen_addresses = ['127.0.0.1:53'] needs to be changed to
listen_addresses = ['127.0.0.1:5335']
require_dnssec = false should be
require_dnssec = true
10: From here you are ready to continue with setup, but this is a huge config file with lots of options, you can tinker as you see fit.
./dnscrypt-proxy -service install and
./dnscrypt-proxy -service start and
systemctl enable dnscrypt-proxy
- Now login to the admin portal of either Pi-hole or AdGuard Home, whichever you are using.
Telling AdGuard Home to use DNSCrypt
Go into your AdGuard Home admin panel and go to Settings -> DNS settings
In the Upstream DNS servers box you now put 127.0.0.1:5335 and apply.
Telling Pi-hole to use DNSCrypt
- Go into Settings and go to Upstream DNS settings, uncheck every DNS box and check one custom IPv4 address, input
Make sure to enable DNSSEC in whichever software you are using with DNSCrypt.
If you have any issues or want to join a community of whole home adblocking/tech enthusiasts please check out: https://discord.com/invite/VzThBmB