Skip to content

DNSCrypt

Jump to bottom
Andrey Meshkov edited this page Feb 24, 2021 · 9 revisions

AdGuard Home* - DNSCrypt

  1. Generating A Configuration File
  2. Generating A DNSCrypt Stamp
  3. Configuring Devices To Use DNSCrypt

Since v0.105.0, AdGuard Home is able to work as a DNSCrypt server. However, this feature is only available via configuration file, you cannot set it up using the Web UI. This guide explains how to do this.

Generating A Configuration File

Here is how to generate a DNSCrypt configuration file and point AdGuardHome to it:

  1. Get the latest version of the dnscrypt utility for your system.

  2. Run:

    $ dnscrypt generate --provider-name '2.dnscrypt-cert.example.org' --out ./dnscrypt.yaml

    Where example.org is the name of your host and ./dnscrypt.yaml is the name of the configuration output file.

  3. Before changing the configuration file, it is important to stop AdGuard Home. In your AdGuardHome configuration file (typically AdGuardHome.yaml), add the following lines:

    'tls':
  #
  'port_dnscrypt': 5443
  'dnscrypt_config_file': './dnscrypt.yaml'

    Where 5443 is the port for your DNSCrypt server and ./dnscrypt.yaml is the name of the configuration file generated in step 2.

Generating A DNSCrypt Stamp

Here is how to generate a DNSCrypt stamp and check your installation:

  1. Go to https://dnscrypt.info/stamps/.

  2. Enter the data from your DNSCrypt configuration file. The Provider public key is the value of the public_key field in your DNSCrypt configuration file. Do not forget to enter the host with your custom port!

  3. Now you have a stamp that looks something like this:

    sdns://AQcAAAAAAAAADTEyNy4wLjAuMTo0NDMg8R3bzEgX5UOEX93Uy4gYSbZCJvPeOXYlZp2HuRm8T7AbMi5kbnNjcnlwdC1jZXJ0LmV4YW1wbGUub3Jn

    Check your installation by running:

    $ dnscrypt lookup-stamp\
    --domain 'example.com'\
    --stamp 'sdns://AQcAAAAAAAAADTEyNy4wLjAuMTo0NDMg8R3bzEgX5UOEX93Uy4gYSbZCJvPeOXYlZp2HuRm8T7AbMi5kbnNjcnlwdC1jZXJ0LmV4YW1wbGUub3Jn'\
    --type 'a'

    Where example.com is the domain name to lookup.

Configuring Devices To Use DNSCrypt

  • All platforms: dnscrypt-proxy (reference implementation) - DNSCrypt-Proxy is a command-line proxy for Linux, BSD, Windows, MacOS, Android and more.
  • Android: AdGuard for Android supports DNSCrypt.
  • iOS: AdGuard for iOS supports DNSCrypt.
  • iOS: DNSCloak uses dnscrypt-proxy internally and supports DNSCrypt.
  • Windows: AdGuard for Windows supports DNSCrypt.
  • Windows: Simple DNSCrypt is a simple management tool to configure and run dnscrypt-proxy on Windows.

You can find more implementations on the DNSCrypt website.

Guides

Clone this wiki locally