dnscrypt-proxy-pihole

Preconfigured deb package for every Raspberry Pi and Pi-hole to use only best DNSCrypt, DNS-over-HTTPS and No-Log servers

View on GitHub

πŸ›‘οΈ dnscrypt-proxy-pihole

[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT) [![Pi-hole Compatible](https://img.shields.io/badge/Pi--hole-Compatible-green.svg)](https://pi-hole.net/) [![Raspberry Pi](https://img.shields.io/badge/Raspberry%20Pi-OS%2012-red.svg)](https://www.raspberrypi.org/)

DNSCrypt DoH No Logs


πŸ“’ Secure DNS solution for your Raspberry Pi & Pi-hole setup

Enhanced DNS encryption and privacy for Pi-hole with pre-configured settings

πŸ“‹ Table of Contents

[πŸ” Overview](#overview) β€’ [✨ Features](#features) β€’ [πŸš€ Install](#install) β€’ [πŸ“œ Scripts](#scripts) β€’ [βš™οΈ Configuration](#configuration) β€’ [πŸ” Verification](#verification) β€’ [πŸ—‘οΈ Uninstall](#uninstall) β€’ [❓ FAQ](#faq)

πŸ” Overview

A preconfigured DNSCrypt-proxy package for Raspberry Pi and Pi-hole users that ensures secure, encrypted DNS queries through carefully selected DNSCrypt and DNS-over-HTTPS servers with strict no-logging policies.

🎯 Key Benefits

πŸ“¦ Compatibility

βœ… CURRENT VERSION:

⚠️ LEGACY VERSION:

✨ Features

Feature Description Benefit
πŸ”’ DNSCrypt Advanced DNS encryption Protects against DNS surveillance
🌐 DNS-over-HTTPS Modern DNS protocol support Additional security layer
πŸ•΅οΈ Privacy Focus No-log DNS servers only Ensures query privacy
πŸ›‘οΈ DNSSEC Built-in validation Prevents DNS spoofing
⚑ Optimized Raspberry Pi tuned Efficient resource usage

πŸš€ Install

Quick Install

curl -sSfL https://raw.githubusercontent.com/mapi68/dnscrypt-proxy-pihole/master/dnscrypt-proxy-pihole-install | bash

Manual Installation

# Download latest package
wget https://github.com/mapi68/dnscrypt-proxy-pihole/raw/master/dnscrypt-proxy-pihole_latest_armhf.deb

# Install package
sudo dpkg -i dnscrypt-proxy-pihole_latest_armhf.deb

# Install dependencies if needed
sudo apt-get install -f

πŸ“œ Scripts

1. install-latest-dnscrypt-proxy.bash

πŸ”„ Automated Installer

Downloads and installs the latest dnscrypt-proxy package from official Debian repositories. **Features:** - Auto-detects system architecture - Downloads latest version from Debian repos - Handles all dependencies - Multi-architecture support (amd64, arm64, armhf, i386) **Usage:** ```bash ./install-latest-dnscrypt-proxy.bash # Or specify architecture: ./install-latest-dnscrypt-proxy.bash armhf ```

2. dnscrypt-proxy-pihole.bash

πŸ”§ Configuration Script

Sets up DNSCrypt-proxy for optimal use with Pi-hole. **Features:** - Configures secure DNS settings - Sets up port 53533 for Pi-hole - Enables DNSSEC validation - Configures no-logging policy - Optimizes caching **Usage:** ```bash sudo ./dnscrypt-proxy-pihole.bash ```

Installation Methods

Method Description When to Use
dnscrypt-proxy-pihole-install Installs pre-configured package (dnscrypt-proxy-pihole_latest_armhf.deb) For quick, automated setup
install-latest-dnscrypt-proxy.bash Installs vanilla dnscrypt-proxy from Debian repos For custom installations
dnscrypt-proxy-pihole.bash Configures dnscrypt-proxy for Pi-hole After manual installation

βš™οΈ Configuration

Pi-hole Setup

  1. Access Pi-hole admin interface
  2. Navigate to Settings β†’ DNS
  3. Configure:
    • Set Custom DNS: 127.0.0.1#53533
    • Disable DNSSEC (handled by DNSCrypt)
Pi-hole DNS Settings
Pi-hole DNS Configuration

Important Files

πŸ” Verification

System Checks

  1. DNS Resolution: 
    tail -f /var/log/dnscrypt-proxy/query.log
  2. Service Status: 
    journalctl -f -u dnscrypt-proxy
  3. DNSSEC Test: 
    dig +dnssec google.com @127.0.0.1 -p 53533
DNSSEC Validation
Successful DNSSEC Validation

Online Tests

πŸ—‘οΈ Uninstall

Remove completely with:

sudo apt --purge remove dnscrypt-proxy-pihole -y

❓ FAQ

Q: Why use this with Pi-hole?

Q: Performance impact?

Q: Custom DNS servers?

Q: Update procedure?