DNScrypt

[blixten85]

Prerequisites

Please answer the following questions for yourself before submitting an issue. YOU MAY DELETE THE PREREQUISITES SECTION.

• I am running the latest version
• I checked the documentation and found no answer
• I checked to make sure that this issue has not already been filed

Problem Description

How do i do this behind a router? There is no WiKi for it?
Must i run the Adguard Home exposed to the internet?

I am getting a public IP from DHCP from my ISP.
I get one public IP per unit.
In this case i generated the cert directly connected to the internet. This gave me a diffrent ip than my routers.
Now i am behind my router again (this is how i want to run this Adguard Home).
Getting the DNSCrypt to work behind the router will fail since 2021/02/11 14:09:02 [fatal] failed to establish connection with the server: dial udp: address *.priv.bahnhof.se: missing port in address

No wonder, i am behind another IP now (the router's one)
If i only could take the routers IP and generate cert and point port to my Adguard Home.

Proposed Solution

Alternatives Considered

Additional Information

[ameshkov]

Why would you want this behind the router?

The point of DNS encryption is to hide your traffic when it goes to a public server. If your AdGuard Home is not exposed to the Internet, there's no one who can see your traffic anyways.

[blixten85]

<!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0cm; font-size:11.0pt; font-family:"Calibri",sans-serif;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} .MsoChpDefault {mso-style-type:export-only;} @page WordSection1 {size:612.0pt 792.0pt; margin:70.85pt 70.85pt 70.85pt 70.85pt;} div.WordSection1 {page:WordSection1;} -->The ISP can?And anyone who sniffes my traffic. It just goes from my DNS server -> router -> internet instead, surely this must be more secure way to do it?But i dont know, you are the expert here!  Från: Andrey MeshkovSkickat: den 11 februari 2021 14:50Till: AdguardTeam/AdGuardHomeKopia: Anders Eriksson; AuthorÄmne: Re: [AdguardTeam/AdGuardHome] DNScrypt (#2669) Why would you want this behind the router?The point of DNS encryption is to hide your traffic when it goes to a public server. If your AdGuard Home is not exposed to the Internet, there's no one who can see your traffic anyways.—You are receiving this because you authored the thread.Reply to this email directly, view it on GitHub, or unsubscribe. 

[ameshkov]

You just need to use an encrypted DNS upstream in AdGuard Home. Although, it does use encryption by default.

[BobWs]

I have some questions about DNSCrypt

1. Will AGH work with this Docker DNSCrypt Server?
   https://github.com/dnscrypt/dnscrypt-server-docker

2. And also if you are already using AGH in combination with a VPN for all clients in a LAN Network is DNSCrypt overkill?

[ameshkov]

Well, it will, but you don't really need it, AGH is perfectly able to use DNSCrypt upstream servers OR work as a DNSCRypt server by itself.

And also if you are already using AGH in combination with a VPN for all clients in a LAN Network is DNSCrypt overkill?

Yes, for sure, this would be an overkill.

[blixten85]

Well, it will, but you don't really need it, AGH is perfectly able to use DNSCrypt upstream servers OR work as a DNSCRypt server by itself.

And also if you are already using AGH in combination with a VPN for all clients in a LAN Network is DNSCrypt overkill?

Yes, for sure, this would be an overkill.

But you must make sure it is dead, right?

[blixten85]

This does not work for me, i have even tried to configure a DNScrypt server of my own.
Still no success.
Is this guide all you need to get it working? Or is there something missing?
2021/02/19 20:46:41 [fatal] failed to establish connection with the server: read udp xxx.xxx.xxx.xxx:33456->xxx.xxx.xxx.xxx:5443: read: connection refused

I've managed to get the same result but with some I/O timed out error instead.

The box is infront of internet now, with a public ip.

[ameshkov]

Is this guide all you need to get it working? Or is there something missing?

Well, the guide is rather comprehensive, please carefully check that you've done all the steps from there:
https://github.com/AdguardTeam/AdGuardHome/wiki/DNSCrypt

2021/02/19 20:46:41 [fatal] failed to establish connection with the server: read udp xxx.xxx.xxx.xxx:33456->xxx.xxx.xxx.xxx:5443: read: connection refused

Sounds as if DNSCrypt server is not started.

[blixten85]

Well, you said AdGuard would act as DNSCrypt server?
And i did start a standalone dnscrypt server named dnscrypt-proxy. Still the same kind of problem.

[ameshkov]

dnscrypt-proxy is not a standalone dnscrypt server, this is a "forwarder" that accepts plain DNS queries and forwards them to a configured set of DNS servers (DOH or DNSCrypt). AdGuard Home with the default settings does pretty much the same.

[blixten85]

Ok, but the guide does not state that you need a standalone DNSCrypt server nor how to setup one. The guide you made are therefor incomplete. It does even state that AdGuard Home is perfectly capable of acting as DNSCrypt server so that is misleading too? Den tis 23 feb. 2021 18:57Andrey Meshkov <[email protected]> skrev:

…

dnscrypt-proxy is not a standalone dnscrypt server, this is a "forwarder" that accepts plain DNS queries and forwards them to a configured set of DNS servers (DOH or DNSCrypt). AdGuard Home with the default settings does pretty much the same. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#2741 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AIUMKF5L72SLJ6NA4OBH3CDTAPUBPANCNFSM4YCOPPVA> .

[ameshkov]

The guide explains how to run a DNSCrypt server with AdGuard Home.

[blixten85]

Point it out Den ons 24 feb. 2021 11:44Andrey Meshkov <[email protected]> skrev:

…

The guide explains how to run a DNSCrypt server with AdGuard Home. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#2741 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AIUMKF7SHEZIJZU2R5J64K3TATKAZANCNFSM4YCOPPVA> .

[ameshkov]

I've updated the guide to make it more clear.

[blixten85]

https://github.com/AdguardTeam/AdGuardHome/wiki/DNSCrypt/_compare/ab7b87698749824e921ed545f900d942cc558c5d...feea1a8efe472c24b955a23eee34d8f6b4331aa5 You changed an asterix? Den ons 24 feb. 2021 12:01Andrey Meshkov <[email protected]> skrev:

…

I've updated the guide to make it more clear. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#2741 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AIUMKF7VBOAXQUTBRP4GYKTTATMBPANCNFSM4YCOPPVA> .

[ameshkov]

https://github.com/AdguardTeam/AdGuardHome/wiki/DNSCrypt/_compare/ab7b87698749824e921ed545f900d942cc558c5d

[blixten85]

Yes but that configuration file i have, and its copied to the home folder of AdGuard. I have followed your steps in this guide one by one, line by line. There is something missing. And you are overlooking it. Den ons 24 feb. 2021 12:14Andrey Meshkov <[email protected]> skrev:

…

https://github.com/AdguardTeam/AdGuardHome/wiki/DNSCrypt/_compare/ab7b87698749824e921ed545f900d942cc558c5d — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#2741 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AIUMKFYTIJE7BPZGKNEWEPDTATNRFANCNFSM4YCOPPVA> .

[ameshkov]

I've checked this guide and used it myself, and I am pretty sure it works.

Note that AdGuard Home needs to be stopped when you change AdGuardHome.yaml.

[blixten85]

<!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0cm; font-size:11.0pt; font-family:"Calibri",sans-serif;} a:link, span.MsoHyperlink {mso-style-priority:99; color:blue; text-decoration:underline;} .MsoChpDefault {mso-style-type:export-only;} @page WordSection1 {size:612.0pt 792.0pt; margin:70.85pt 70.85pt 70.85pt 70.85pt;} div.WordSection1 {page:WordSection1;} -->It has been stopped, and restarted. Does anything else in addition need to be run besides AdGuard Home? Från: Andrey MeshkovSkickat: den 24 februari 2021 12:28Till: AdguardTeam/AdGuardHomeKopia: Anders Eriksson; AuthorÄmne: Re: [AdguardTeam/AdGuardHome] DNScrypt (#2741) I've checked this guide and used it myself, and I am pretty sure it works.Note that AdGuard Home needs to be stopped when you change AdGuardHome.yaml.—You are receiving this because you authored the thread.Reply to this email directly, view it on GitHub, or unsubscribe.