Enhanced DNS encryption and privacy for Pi-hole with pre-configured settings
🔍 Overview • ✨ Features • 🚀 Install • 📜 Scripts • ⚙️ Configuration • 🔐 Verification • 🗑️ Uninstall • ❓ FAQ
A preconfigured DNSCrypt-proxy package for Raspberry Pi and Pi-hole users that ensures secure, encrypted DNS queries through carefully selected DNSCrypt and DNS-over-HTTPS servers with strict no-logging policies.
- Encrypts all DNS queries for enhanced privacy
- Protects against DNS spoofing and MITM attacks
- Seamless integration with Pi-hole
- Pre-configured for optimal security and performance
✅ CURRENT VERSION:
- Raspberry Pi OS 12 (bookworm)
- Pi-hole v6.0+
- DNS server:
127.0.0.1#53533
| Feature | Description | Benefit |
|---|---|---|
| 🔒 DNSCrypt | Advanced DNS encryption | Protects against DNS surveillance |
| 🌐 DNS-over-HTTPS | Modern DNS protocol support | Additional security layer |
| 🕵️ Privacy Focus | No-log DNS servers only | Ensures query privacy |
| 🛡️ DNSSEC | Built-in validation | Prevents DNS spoofing |
| ⚡ Optimized | Raspberry Pi tuned | Efficient resource usage |
curl -sSfL https://raw.githubusercontent.com/mapi68/dnscrypt-proxy-pihole/master/dnscrypt-proxy-pihole-install | bash# Download latest package
wget https://github.com/mapi68/dnscrypt-proxy-pihole/raw/master/dnscrypt-proxy-pihole_latest_armhf.deb
# Install package
sudo dpkg -i dnscrypt-proxy-pihole_latest_armhf.deb
# Install dependencies if needed
sudo apt-get install -fDownloads and installs the latest dnscrypt-proxy package from official Debian repositories.
Features:
- Auto-detects system architecture
- Downloads latest version from Debian repos
- Handles all dependencies
- Multi-architecture support (amd64, arm64, armhf, i386)
Usage:
./install-latest-dnscrypt-proxy.bash
# Or specify architecture:
./install-latest-dnscrypt-proxy.bash armhfSets up DNSCrypt-proxy for optimal use with Pi-hole.
Features:
- Configures secure DNS settings
- Sets up port 53533 for Pi-hole
- Enables DNSSEC validation
- Configures no-logging policy
- Optimizes caching
Usage:
sudo ./dnscrypt-proxy-pihole.bash| Method | Description | When to Use |
|---|---|---|
dnscrypt-proxy-pihole-install |
Installs pre-configured package (dnscrypt-proxy-pihole_latest_armhf.deb) | For quick, automated setup |
install-latest-dnscrypt-proxy.bash |
Installs vanilla dnscrypt-proxy from Debian repos | For custom installations |
dnscrypt-proxy-pihole.bash |
Configures dnscrypt-proxy for Pi-hole | After manual installation |
- Access Pi-hole admin interface
- Navigate to Settings → DNS
- Configure:
- Set Custom DNS:
127.0.0.1#53533 - Disable DNSSEC (handled by DNSCrypt)
- Set Custom DNS:
Pi-hole DNS Configuration |
- Configuration:
/etc/dnscrypt-proxy/dnscrypt-proxy.toml - Query Log:
/var/log/dnscrypt-proxy/query.log - Service:
/lib/systemd/system/dnscrypt-proxy.service
- DNS Resolution:
tail -f /var/log/dnscrypt-proxy/query.log- Service Status:
journalctl -f -u dnscrypt-proxy- DNSSEC Test:
dig +dnssec google.com @127.0.0.1 -p 53533
Successful DNSSEC Validation |
Remove completely with:
sudo apt --purge remove dnscrypt-proxy-pihole -yQ: Why use this with Pi-hole?
- Adds DNS encryption to Pi-hole's ad-blocking capabilities
Q: Performance impact?
- Minimal; optimized for Raspberry Pi
Q: Custom DNS servers?
- Edit
/etc/dnscrypt-proxy/dnscrypt-proxy.toml
Q: Update procedure?
- Run
install-latest-dnscrypt-proxy.bash