Comments (21)
> That's why I was hoping I could have DoH enabled as well so the device would always be subjected to the same thing e.g. AdGuard, unbound etc.

If you want it like that maybe I can try to get it to work .. I'll find some guide for now to share, maybe you can get it to work
from adguard-wireguard-unbound-dnscrypt.
> So how does DoT show them on the client and server side?

because port 53 is a reserved DNS port that listens openly on systems, firewalls, and clients to transmit DNS queries.
Thanks for opening your first issue here 🙋🕵️
@eltonajmenezes It would not show.
Explanation:
Cloudflared tunnel daemon creates outbound-only connections to Cloudflare's edge. This daemon sits between the Cloudflare network and your origin. Cloudflare attracts client requests and sends them to you via the daemon (the service).
DNS resolving software like unbound / bind / stubby / powerdns etc. automatically advertises itself as the DNS server on Linux using port 53. They provide a combination of a lightweight resolver library that can be run on DNS clients, such as host operating systems or routers, and a resolver daemon process which can run on a local host.
To get DoH (native), there are ways with dnscrypt or dnsmasq for example. You will need to do some tweaking to get unbound to work with it, both using port 53. There are maybe other ways as well.
Thank you @trinib for this explanation.
Do you have any articles that you can send my way so that I can achieve this?
The main reason why I am asking is when I am out of my home network I want to VPN into my network and achieve the security I setup.
> Thank you @trinib for this explanation.
> Do you have any articles that you can send my way so that I can achieve this?
> The main reason why I am asking is when I am out of my home network I want to VPN into my network and achieve the security I setup.

Correct me if I'm wrong, do you want the server side (pi/linux) to have DNS security as the client side does?
If so, that can be tricky with one of the two sides communicating with ports for traffic, request etc. I don't think I saw a specific guide for that anywhere, I could be wrong.
@eltonajmenezes I think if you want a Linux system that is self-hosting some type of management server (if that is your case), it makes more sense to have a second Linux system as a VPN server and the other connected as a client that is hosting something like yunohost, home assistant etc...
> > Thank you @trinib for this explanation.
> > Do you have any articles that you can send my way so that I can achieve this?
> > The main reason why I am asking is when I am out of my home network I want to VPN into my network and achieve the security I setup.
>
> Correct me if I'm wrong, do you want the server side (pi/linux) to have DNS security as the client side does?
> If so, that can be tricky with one of the two sides communicating with ports for traffic, request etc. I don't think I saw a specific guide for that anywhere, I could be wrong.

@trinib
Yes I would like the server side to have security.
As it stands if I connect to my server via a VPN and do a 1.1.1.1/help test then I see DoT is marked Yes!
I would like to have DoH as well.
And unfortunately I don't have any other system(s) I can use.
I have setup my RPI with AdGuard by following your perfect instructions.
But would really like to have the ability to securely route my traffic when I am outside as I do from home.
Hope this makes my ask/query a bit clearer.
@eltonajmenezes Ohhh I now get what you're thinking. You want DoH to show on the server side of things for WireGuard. No! that is not how it works. WireGuard uses an encrypted tunnel between two devices that has its own IP and DNS security protocols. Running DoH tunnel or resolver, and DoT services on Linux has NOTHING to do with a WireGuard connection accessing DoH/DoT security from outside.
You get DoH and DoT security with the VPN by adding it through its DNS SERVERS, which I stated in the guide might not make much difference using them together (it's optional). WireGuard is good enough for encrypting data from hackers that are using some sort of network sniffing tool or man-in-the-middle attack. DoH/DoT is more for privacy, security and speed on your home network when browsing websites mostly, and can also block phishing websites.
> But would really like to have the ability to securely route my traffic when I am outside as I do from home.

And do not worry, your traffic is secure with or without Unbound or Cloudflare DNS servers alongside it.
from adguard-wireguard-unbound-dnscrypt.
@eltonajmenezes Ohhh I now get what you're thinking. You want DoH to show on the server side of things for WireGuard. No! that is not how it works. WireGuard uses an encrypted tunnel between two devices that has it's own IP and DNS security protocols. Running DoH tunnel or resolver, and DoT services on linux has NOTHING to do with a WireGuard connection accessing DoH/DoT security from outside.
You get DoH and DoT security with the VPN by adding it through it's DNS SERVERS, which I stated in guide it might not make much difference using them together(it's optional). WireGuard is good enough for encrypting data from hackers that is using some sort of network sniffing tool or middle man attack. DoH/DoT is more for privacy, security and speed on your home network when browsing websites mostly, also can block websites phishing.
But would really like to have the ability to securely route my traffic when I am outside as I do from home.
And do not worry, your traffic is secure using with or without Unbound or Cloudflare DNS servers alongside it.
Thanks for this clarification. Though I read in quite a few places that in some instances you would want to funnel outside traffic into your home network.
That's why I was hoping I could have DoH enabled as well so the device would always be subjected to the same thing e.g. AdGuard, unbound etc.
Ok, I think I might have a way to do what you want. First I think there is no way that you can get DoH and DoT to show on the server side cause these resolving DNS tools all need port 53 to listen openly on systems, firewalls, and clients to transmit DNS queries. What you need is to get a DoH client (native) for Linux.
DNSCrypt is a protocol that encrypts, authenticates and optionally anonymizes communications between a DNS client and a DNS resolver. It can forward queries (like stubby) from a local DNS cache. It needs to listen on a different port from the default 53, cause the DNS cache used with Unbound needs to listen on 53.
Here is a guide from archlinux : https://wiki.archlinux.org/title/Dnscrypt-proxy#Local_DNS_cache_configuration (use service method to change ports)
and configure unbound : https://wiki.archlinux.org/title/Dnscrypt-proxy#Unbound
Just know, what you want to accomplish here only make sense if you are actually home physically, browsing websites on the Linux server system.
> Thanks for this clarification. Though I read in quite a few places that in some instances you would want to funnel outside traffic into your home network

I think your whole point of view on this is that you think you are actually home using a device locally on your network with outside traffic around it. Understand WireGuard just routes to your home network using an encrypted tunnel, as a result making your devices on public networks seem like they're home but actually NOT .. That is one of the main concepts and features of a VPN (virtual private network) like the paid ones, that change to different country locations (for restrictions) when you are actually not there.
I hope you understand now, DNS security tools on Linux have nothing to do with protecting traffic data from outside to home with a WireGuard tunnel. The DoH/DoT applies only when you add it to the WireGuard DNS servers. That client (device) is still in the WireGuard tunnel network with all DNS security regardless of Cloudflare 1.1.1.1 on the Linux server side showing DoH: yes
Thank you for this information @trinib
So I read this statement
> Just know, what you want to accomplish here only make sense if you are actually home physically, browsing websites on the Linux server system.

I want to also have the DNScrypt to be encrypting traffic of my LAN network through AdGuard.
Can this be done and if so how?
(I have seen many articles of AdGuard and DNS crypt but I am unsure which is the one I should be using)
Is this a replacement of cloudflared DoH?
yes you can add to adguard it will be 127.0.2.1:53000
> is this a replacement of cloudflared DoH?

cloudflare tunneling and resolving are not the same so you can have it installed with dnscrypt
Also keep in mind devices that are connected to adguard using cloudflare and dnscrypt both using DNS over HTTPS and querying traffic can have complications. Use one or the other if I was you.
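The recurring point in this thread is that every resolver in the chain needs its own address and port, with dnscrypt-proxy moved to 127.0.2.1:53000 and then added as an upstream. The script below is an added example written for this page; it is not code from the thread or from the adguard-wireguard-unbound-dnscrypt guide. It assumes a three-hop chain AdGuard Home (0.0.0.0:53) -> Unbound (127.0.0.1:5335) -> dnscrypt-proxy (127.0.2.1:53000); only the 127.0.2.1:53000 value comes from the thread, the other two bindings and the service names in `PLAN` are assumptions chosen for illustration. It checks the plan for socket conflicts, renders the dnscrypt-proxy, Unbound and AdGuard Home fragments that wire the hops together, and parses a constructed `ss -lntup` listing to show which processes already hold port 53 (the sample includes systemd-resolved's stub listener on 127.0.0.53, a common reason a resolver fails to bind :53).

```python
"""Port plan and listener check for a chained local-resolver setup.

Added example (not from the thread or the guide). Assumed chain, with only
127.0.2.1:53000 taken from the thread and the other bindings assumed:
    client -> AdGuard Home 0.0.0.0:53 -> Unbound 127.0.0.1:5335 -> dnscrypt-proxy 127.0.2.1:53000
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Listener:
    service: str
    host: str
    port: int


# Assumed port plan: every hop gets its own address:port pair so nothing contends for :53.
PLAN = [
    Listener("adguardhome", "0.0.0.0", 53),
    Listener("unbound", "127.0.0.1", 5335),
    Listener("dnscrypt-proxy", "127.0.2.1", 53000),
]

WILDCARDS = {"0.0.0.0", "::", "*"}


def hosts_overlap(a, b):
    """Two bind addresses collide on one port if they are equal or either is a wildcard."""
    return a == b or a in WILDCARDS or b in WILDCARDS


def find_conflicts(listeners):
    """(service, service, port) triples for planned listeners that would fight over one socket."""
    conflicts = []
    for i, x in enumerate(listeners):
        for y in listeners[i + 1:]:
            if x.port == y.port and hosts_overlap(x.host, y.host):
                conflicts.append((x.service, y.service, x.port))
    return conflicts


def render_configs(plan):
    """Config fragments that wire the chain together, keyed by the file they belong in."""
    by_service = {item.service: item for item in plan}
    dc, ub = by_service["dnscrypt-proxy"], by_service["unbound"]
    return {
        # dnscrypt-proxy.toml: move dnscrypt-proxy off port 53
        "dnscrypt-proxy.toml": f"listen_addresses = ['{dc.host}:{dc.port}']\n",
        # unbound.conf: cache locally and forward everything to dnscrypt-proxy;
        # do-not-query-localhost must be switched off or Unbound refuses a 127.x forwarder
        "unbound.conf": (
            "server:\n"
            f"    interface: {ub.host}\n"
            f"    port: {ub.port}\n"
            "    do-not-query-localhost: no\n"
            "forward-zone:\n"
            '    name: "."\n'
            f"    forward-addr: {dc.host}@{dc.port}\n"
        ),
        # AdGuard Home -> Settings -> DNS settings -> Upstream DNS servers
        "adguardhome-upstream": f"{ub.host}:{ub.port}\n",
    }


# Constructed sample of `ss -lntup` output (not captured from a real host). It shows the
# classic failure: systemd-resolved's stub listener already holds 127.0.0.53:53, so a
# resolver that binds the wildcard address on :53 collides with it.
SS_SAMPLE = """\
Netid State  Recv-Q Send-Q  Local Address:Port   Peer Address:Port Process
udp   UNCONN 0      0       127.0.0.53%lo:53     0.0.0.0:*         users:(("systemd-resolve",pid=512,fd=12))
udp   UNCONN 0      0       127.0.2.1:53000      0.0.0.0:*         users:(("dnscrypt-proxy",pid=901,fd=7))
tcp   LISTEN 0      4096    0.0.0.0:53           0.0.0.0:*         users:(("AdGuardHome",pid=1203,fd=14))
tcp   LISTEN 0      256     127.0.0.1:5335       0.0.0.0:*         users:(("unbound",pid=1188,fd=3))
"""

SS_LINE = re.compile(
    r"^(?P<proto>\w+)\s+\S+\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+\s+users:\(\(\"(?P<proc>[^\"]+)\""
)


def parse_ss(text):
    """(proto, host, port, process) for each socket line of `ss -lntup` output."""
    sockets = []
    for line in text.splitlines():
        m = SS_LINE.match(line)
        if not m:
            continue  # header line, or a socket without process info
        host, _, port = m.group("local").rpartition(":")
        host = host.split("%")[0]  # drop the %interface scope, e.g. 127.0.0.53%lo
        sockets.append((m.group("proto"), host, int(port), m.group("proc")))
    return sockets


def port_owners(text, port):
    """Process names already holding a port: the usual reason a resolver fails to bind."""
    return sorted({proc for _, _, p, proc in parse_ss(text) if p == port})


def clashes_with_running(plan, ss_text):
    """Planned listeners whose address:port is already held by some other process."""
    hits = []
    for item in plan:
        for _, host, port, proc in parse_ss(ss_text):
            if port == item.port and hosts_overlap(host, item.host) and proc.lower() != item.service.lower():
                hits.append((item.service, proc, port))
    return hits


if __name__ == "__main__":
    print("plan conflicts:", find_conflicts(PLAN))
    print("port 53 held by:", port_owners(SS_SAMPLE, 53))
    print("clashes with running sockets:", clashes_with_running(PLAN, SS_SAMPLE))
    for name, body in render_configs(PLAN).items():
        print(f"--- {name}\n{body}")
```

On a real host, replace `SS_SAMPLE` with the output of `ss -lntup` (run as root so the process column is filled in). A clash reported for port 53 means the new resolver will not start until the existing holder is moved or disabled; the plan itself stays conflict-free only because each hop binds a distinct loopback address and port.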
> yes you can add to adguard it will be 127.0.2.1:53000
> > is this a replacement of cloudflared DoH?
>
> cloudflare tunneling and resolving are not the same so you can have it installed with dnscrypt

@trinib
I have seen this article
https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-linux
I guess this is similar to what you mentioned right? I.E. installing it locally for the Linux system?
https://wiki.archlinux.org/title/Dnscrypt-proxy#Unbound
And I found these articles
https://blog.cloudflare.com/deploying-gateway-using-a-raspberry-pi-dns-over-https-and-pi-hole/
https://github.com/AdguardTeam/AdGuardHome/wiki/DNSCrypt
https://dev.to/cipherops/using-dnscrypt-with-adguard-home-pi-hole-7j6
In short:
What I would like to do is to have DoH on the Linux system but also have it so that I have DoH for clients working with AdGuard the way that cloudflared DoH is working now
And finally uninstall cloudflared DoH because it also throws errors.
Would you be able to clarify how to get this setup? The way you have nicely outlined in your main article? I'm quite new to this. So I don't want to mess up the setup
you can't because of port 53 needed for DNS resolvers.. they cannot all work on the same port to resolve on 1.1.1.1
> you can't because of port 53 needed for DNS resolvers.. they cannot all work on the same port to resolve on 1.1.1.1

So how does DoT show them on the client and server side?
And if it's one or the other can you tell me how to properly setup for the client side the way cloudflare for AdGuard is setup now? as that is more important than having the system be DoH only
> > you can't because of port 53 needed for DNS resolvers.. they cannot all work on the same port to resolve on 1.1.1.1
>
> So how does DoT show them on the client and server side?
> And if it's one or the other can you tell me how to properly setup for the client side the way cloudflare for AdGuard is setup now? as that is more important than having the system be DoH only

I guess you did not read FAQ
AdGuard Home is basically a DNS proxy
> > > you can't because of port 53 needed for DNS resolvers.. they cannot all work on the same port to resolve on 1.1.1.1
> >
> > So how does DoT show them on the client and server side?
> > And if it's one or the other can you tell me how to properly setup for the client side the way cloudflare for AdGuard is setup now? as that is more important than having the system be DoH only
>
> I guess you did not read FAQ
> AdGuard Home is basically a DNS proxy

Forgive me for asking again.
I did read that FAQ, but the manner in which you have shown the setup for cloudflare with AdGuard to get DoH; is there a procedure I need to follow to get DNSCRYPT with DoH on AdGuard?
Because I'm sorry but I am quite confused about how to go about this.
you already asked that #28 (comment) .. there are a lot of different ways to achieve this DNS security and it can be confusing for someone new to it.. you need to utilize google search, read documents, test and trial like I did. Asking people all the time eliminates your skills in problem solving, trust me.. sometimes think like no one understands it and you're the only one learning it. It's a confident learning strategy I made for myself 😎
> you already asked that #28 (comment) .. there are a lot of different ways to achieve this DNS security and it can be confusing for someone new to it.. you need to utilize google search, read documents, test and trial like I did. Asking people all the time eliminates your skills in problem solving, trust me.. sometimes think like no one understands it and you're the only one learning it. It's a confident learning strategy I made for myself 😎

@trinib
I understand what you mean very clearly.
Could you at least guide me on which articles from the ones I found are correct for DoH on AdGuard via DNSCRYPT? Because there are quite a few I found that I listed or is what you suggested the way I can get the DoH for clients?