Skip to content

DNSCrypt

Andrey Meshkov edited this page Jan 22, 2021 · 9 revisions

AdGuard Home* - DNSCrypt

  1. Generating A Configuration File
  2. Generating A DNSCrypt Stamp
  3. Configuring Devices To Use DNSCrypt

Generating A Configuration File

Here is how to generate a DNSCrypt configuration file and point AdGuardHome to it:

  1. Get the latest version of the dnscrypt utility for your system.

  2. Run:

    $ dnscrypt generate --provider-name '2.dnscrypt-cert.example.org' --out ./dnscrypt.yaml

    Where example.org is the name of your host and ./dnscrypt.yaml is the name of the configuration output file.

  3. In your AdGuardHome configuration file (typically AdGuardHome.yaml), add the following lines:

    'tls':
      #
      'port_dnscrypt': 5443
      'dnscrypt_config_file': './dnscrypt.yaml'

    Where 5443 is the port for your DNSCrypt server and ./dnscrypt.yaml is the name of the configuration file generated in step 2.

Generating A DNSCrypt Stamp

Here is how to generate a DNSCrypt stamp and check your installation:

  1. Go to https://dnscrypt.info/stamps/.

  2. Enter the data from your DNSCrypt configuration file. The Provider public key is the value of the public_key field in your DNSCrypt configuration file. Do not forget to enter the host with your custom port!

  3. Now you have a stamp that looks something like this:

    sdns://AQcAAAAAAAAADTEyNy4wLjAuMTo0NDMg8R3bzEgX5UOEX93Uy4gYSbZCJvPeOXYlZp2HuRm8T7AbMi5kbnNjcnlwdC1jZXJ0LmV4YW1wbGUub3Jn
    

    Check your installation by running:

    $ dnscrypt lookup-stamp\
        --domain 'example.com'\
        --stamp 'sdns://AQcAAAAAAAAADTEyNy4wLjAuMTo0NDMg8R3bzEgX5UOEX93Uy4gYSbZCJvPeOXYlZp2HuRm8T7AbMi5kbnNjcnlwdC1jZXJ0LmV4YW1wbGUub3Jn'\
        --type 'a'

    Where example.com is the domain name to lookup.

Configuring Devices To Use DNSCrypt

  • All platforms: dnscrypt-proxy (reference implementation) - DNSCrypt-Proxy is a command-line proxy for Linux, BSD, Windows, MacOS, Android and more.
  • Android: AdGuard for Android supports DNSCrypt.
  • iOS: AdGuard for iOS supports DNSCrypt.
  • iOS: DNSCloak uses dnscrypt-proxy internally and supports DNSCrypt.
  • Windows: AdGuard for Windows supports DNSCrypt.
  • Windows: Simple DNSCrypt is a simple management tool to configure and run dnscrypt-proxy on Windows.

You can find more implementations on the DNSCrypt website.