Simple DNS over HTTPS with dnscrypt-proxy-pihole and Raspberry Pi

Hello,
I want to share dnscrypt-proxy-pihole.
It is a Debian package for Raspberry Pi which installs dnscrypt-proxy configured for DNS over HTTPS with Cloudflare DNS servers and Pi-hole.

More info here: https://github.com/mapi68/dnscrypt-proxy-pihole




ISP can still see what domains you go to :roll_eyes:

Use VPN

@Tntdruid No, only https://blabla.cloudflare.blabla is visible to your ISP.

@mapi68 Encrypted traffic in an encrypted tunnel is not needed here.

@msatter Why?

@mapi68 What do you gain? Your ISP not knowing which DNS provider you use?

@msatter Traditionally, DNS queries are sent in plaintext. Anyone listening on the Internet can see which websites you are connecting to. To ensure your DNS queries remain private, you should use a resolver that supports secure DNS transport such as DNS over HTTPS (DoH) or DNS over TLS (DoT).

After you get the encrypted DNS transaction completed and have the IP in hand, you immediately send that IP to your ISP in clear text and request that they connect you. It is not difficult for the ISP to figure out where you are browsing.

If you use a VPN service they see the same.

They know to which webserver you are going, but these days with all those cloud services they need to inspect the SNI to know exactly which domain you are surfing.

Doing qname (authoritative) through a VPN is still the best solution in my world. Surfing also through a VPN means only the VPN provider knows both.

Tricky is to use Cloudflare and then visit sites that are also 'virtual' hosted on Cloudflare.

They have it to inspect.

hi. when you suggest 'use vpn' do you (anyone please) mean something like this:

also, i subscribe to a vpn service which i can code into my router (open vpn client) w/ ovpn files, etc. from my vpn provider.

anyway, the merlin firmware router has policy rules for how you might like to route traffic through the vpn.

ex:

so just wondering, if i want to encrypt my pihole and unbound activity properly through the vpn that is, would i use that?

that is, in the 'source' if i add my pihole ip, add the destination ip as 0.0.0.0, Iface set to vpn...

Setup: dnscrypt-proxy-pihole_2.0.44; Pi-hole v5.1.2; RPi 4B, 4GB. I am also running log2ram.

I followed the instructions and on executing this:

sudo dpkg -i dnscrypt-proxy-pihole_2.0.44_armhf.deb; apt install -f -y

I am getting this:

(Reading database ... 118347 files and directories currently installed.)
Preparing to unpack dnscrypt-proxy-pihole_2.0.44_armhf.deb ...
Unpacking dnscrypt-proxy-pihole (2.0.44) over (2.0.44) ...
Setting up dnscrypt-proxy-pihole (2.0.44) ...
adduser: Only one or two names allowed.
dpkg: error processing package dnscrypt-proxy-pihole (--install):
installed dnscrypt-proxy-pihole package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
dnscrypt-proxy-pihole
E: Could not open lock file /var/lib/dpkg/lock-frontend - open (13: Permission denied)
E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), are you root?

I tried again with sudo su and this time I am getting the same 'Please choose...' menu twice and the following errors:

(Reading database ... 118347 files and directories currently installed.)
Preparing to unpack dnscrypt-proxy-pihole_2.0.44_armhf.deb ...
Unpacking dnscrypt-proxy-pihole (2.0.44) over (2.0.44) ...
Setting up dnscrypt-proxy-pihole (2.0.44) ...
adduser: Only one or two names allowed.
dpkg: error processing package dnscrypt-proxy-pihole (--install):
installed dnscrypt-proxy-pihole package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
dnscrypt-proxy-pihole
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up dnscrypt-proxy-pihole (2.0.44) ...
adduser: Only one or two names allowed.
dpkg: error processing package dnscrypt-proxy-pihole (--configure):
installed dnscrypt-proxy-pihole package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
dnscrypt-proxy-pihole
E: Sub-process /usr/bin/dpkg returned an error code (1)

Any advice please?

sudo dpkg -i dnscrypt-proxy-pihole_2.0.44_armhf.deb; sudo apt install -f -y

Thanks for the quick response. This corresponds to the second case above. I am getting the menu twice and the error below.

$ sudo dpkg -i dnscrypt-proxy-pihole_2.0.44_armhf.deb; sudo apt install -f -y
(Reading database ... 118347 files and directories currently installed.)
Preparing to unpack dnscrypt-proxy-pihole_2.0.44_armhf.deb ...
Unpacking dnscrypt-proxy-pihole (2.0.44) over (2.0.44) ...
Setting up dnscrypt-proxy-pihole (2.0.44) ...
adduser: Only one or two names allowed.
dpkg: error processing package dnscrypt-proxy-pihole (--install):
installed dnscrypt-proxy-pihole package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
dnscrypt-proxy-pihole
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up dnscrypt-proxy-pihole (2.0.44) ...
adduser: Only one or two names allowed.
dpkg: error processing package dnscrypt-proxy-pihole (--configure):
installed dnscrypt-proxy-pihole package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
dnscrypt-proxy-pihole
E: Sub-process /usr/bin/dpkg returned an error code (1)

Please download the new deb package.

  • Fixed missing user _dnscrypt-proxy

This worked just fine. Many thanks.