Simplest pihole + dnscrypt-proxy implementation on Raspberry Pi 4

If you live in Indonesia, all home ISP connections are filtered, and some are locked, which means you are only allowed to use the ISP's own DNS servers, which are sometimes a bit slow. If we use PiHole only, the ads are blocked but some websites still cannot be accessed. That's where we need dnscrypt-proxy, to get faster, more open and more secure DNS.

You may have read this article about setting up dnscrypt-proxy on a MacBook (if you haven't, you may want to check it out, since it is useful when you are in a public area). Maybe now you want to go big by setting up DNS on the router so all clients can enjoy a faster and safer internet experience.

Let's assume you have already set up a freshly installed Raspberry Pi OS from https://www.raspberrypi.org/downloads/raspberry-pi-os/

Also, since I mentioned "simplest", we are going to use Docker, yay! What is Docker, you ask? If a VM is virtualization of the OS, Docker is virtualization of the app instead.

Prerequisites:

  • Get the latest repo > sudo apt-get update
  • Upgrade the OS distribution > sudo apt-get dist-upgrade
  • Install git > sudo apt-get install curl git
  • Configure a static IP > sudo vi /etc/dhcpcd.conf
  • Install DNS utilities, important for testing the connection later on > sudo apt-get install dnsutils

The magic of Docker to install PiHole:

Step 1 – Install DockSTARTer

$ bash -c "$(curl -fsSL https://get.docker.com)"
$ bash -c "$(curl -fsSL https://get.dockstarter.com)"
$ sudo reboot

Step 3 – Run DockSTARTer and install Dependencies

$ ds

Step 4 – Go to Configuration – Select Apps

My recommendation of container apps would be:

  • netdata (monitoring your pi)
  • Pihole (doh!)
  • Portainer (docker UI management)
  • Watchtower (auto update running docker container)
  • The rest I will leave it up to you

Step 5 – Do not run compose yet!

Step 6 – Go to Configuration – Set App Variables

Step 7 – You can keep the settings for the other containers at their defaults; for Pihole, click No to configure it instead

Keep the other ports at their defaults, except port 80 (web admin), which you can change to any port you like. Set a webpassword so that the Pihole API works; this is important if you want to set up Pihole Remote later. Last but very important: set the server IP to your Raspberry Pi's static IP address.

Step 8 – Now you can run docker compose and let the magic happen

Step 9 – Check that you can open the web admin, which means everything is good

And now the magic of Docker to install dnscrypt-proxy:

If you search through DockSTARTer, there is no dnscrypt-proxy, but fear not: I will show you how to do it with a simple command line. If you search Docker Hub for dnscrypt-proxy there are a few images; we are going to use the Docker image klutchell/dnscrypt-proxy since it uses the latest version. Here are the steps:

Step 1 – Let's set up the volume that will be bound to the container

$ sudo mkdir /home/pi/.config/appdata/dnscrypt-proxy

Step 2 – Let’s make sure the folder is in the right group and user

$ sudo chown pi:pi /home/pi/.config/appdata/dnscrypt-proxy

Step 3 – Copy your dnscrypt-proxy.toml configuration file

Please make sure:

  • Listen on port 5053 -> listen_addresses = ['0.0.0.0:5053']
  • My recommendation of dnscrypt servers -> server_names = ['id-gmail', 'id-gmail-doh', 'id-gmail-ipv6', 'id-gmail-doh-ipv6', 'cloudflare', 'cloudflare-ipv6', 'cloudflare-security', 'cloudflare-security-ipv6', 'quad9-dnscrypt-ip4-filter-pri', 'quad9-dnscrypt-ip6-filter-pri', 'doh.tiarap.org', 'doh.tiarap.org-ipv6']
  • If DNS is locked by your ISP, make sure to set your ISP's DNS server for the options below:
    • fallback_resolvers = ['X.X.X.X:53', 'X.X.X.X:53']
    • netprobe_address = 'X.X.X.X:53'
  • cache = false

$ sudo cp /wherever/the/file/is/dnscrypt-proxy.toml /home/pi/.config/appdata/dnscrypt-proxy
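
A pre-flight check for the settings listed in Step 3, as an added example that is not part of the original post: check_dnscrypt_toml is a hypothetical helper, and the sample file with its 192.0.2.53 resolver address is constructed. It also flags typographic quotes, which are not valid TOML string delimiters and tend to sneak in when a config is pasted from a web page, and the X.X.X.X placeholder if it was left in.

```shell
#!/bin/sh
# Added example: pre-flight check of dnscrypt-proxy.toml against the settings
# listed in Step 3. check_dnscrypt_toml is a hypothetical helper name.
check_dnscrypt_toml() {
    file=$1; rc=0
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }
    # Only active (uncommented) lines count.
    active=$(grep -v '^[[:space:]]*#' "$file" || true)
    has() { printf '%s\n' "$active" | grep -Eq -- "$1"; }

    # Curly quotes and primes (UTF-8 bytes, one per line) are not TOML delimiters.
    curly=$(printf '\342\200\230\n\342\200\231\n\342\200\262\n\342\200\234\n\342\200\235')
    if printf '%s\n' "$active" | grep -qF -- "$curly"; then
        echo "typographic quotes found; use plain ' or \""; rc=1
    fi
    has "^[[:space:]]*listen_addresses[[:space:]]*=.*:5053['\"]" ||
        { echo "listen_addresses does not include port 5053"; rc=1; }
    has "^[[:space:]]*server_names[[:space:]]*=[[:space:]]*\[[[:space:]]*['\"]" ||
        { echo "server_names is missing or empty"; rc=1; }
    has '^[[:space:]]*cache[[:space:]]*=[[:space:]]*false([[:space:]]|#|$)' ||
        { echo "cache is not set to false"; rc=1; }
    if has 'X\.X\.X\.X'; then
        echo "placeholder X.X.X.X not replaced with a resolver address"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the Step 3 settings typed with plain quotes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
listen_addresses = ['0.0.0.0:5053']
server_names = ['cloudflare', 'cloudflare-security']
fallback_resolvers = ['192.0.2.53:53']
netprobe_address = '192.0.2.53:53'
cache = false
EOF
check_dnscrypt_toml "$sample" && echo "config OK"
rm -f "$sample"
```

Run it against your own file before the copy in Step 3; each problem is printed on its own line and the exit status is non-zero if any check fails.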

Step 4 – Let’s create the container

$ docker run -v /home/pi/.config/appdata/dnscrypt-proxy:/config -v /etc/localtime:/etc/localtime:ro --name dnscrypt-proxy --network compose_default --hostname dnscrypt-proxy -d klutchell/dnscrypt-proxy

Notice that in docker run we don't bind any port: the container is on the same network as PiHole, so later on we can connect dnscrypt-proxy to Pihole directly, meaning dnscrypt-proxy is exposed only inside the Raspberry Pi.

Step 5 – Find the IP Address of the dnscrypt-proxy

If the container is running well you can inspect it to get the IP address, or you can look it up in Portainer

$ docker inspect dnscrypt-proxy | grep IPAddress

Step 6 – Test the dnscrypt-proxy

If everything is set up correctly, this should be the result

$ dig reddit.com @172.18.0.7 -p 5053

$ nslookup reddit.com 172.18.0.7 -port=5053

Now for the final step: how to use the dnscrypt-proxy container as the DNS server in PiHole

Step 1 – Open the PiHole web admin, go to Settings – DNS and put the IP and the port under Upstream DNS Servers

Step 2 – Test the connection

From your device, check that everything is set up correctly; this should be the result

$ dig reddit.com @192.168.18.171

$ nslookup reddit.com 192.168.18.171

Step 3 – Set the IP address of the Raspberry Pi as the DNS server in your router's DHCP settings

Just, Do it!!

