Connecting to a remote dnscrypt proxy client from Android Pie using DNS over TLS
Since Android Pie supports configurable DNS-over-TLS, it is very easy to redirect DNS queries from a smartphone to your own server running dnscrypt-proxy (with your own blacklists, whitelists, timeblocks, adblocking, etc.). No additional app is required.
You will need:
- a server with dnscrypt-proxy, of course
- nginx with the stream modules (built with the --with-stream and --with-stream_ssl_module options)
- open port 853
Just add this snippet to nginx.conf:

```nginx
# stream {} is a top-level context: place it outside the http {} block.
stream {
    upstream dns-servers {
        # Local dnscrypt-proxy listener (reached over TCP)
        server 127.0.0.1:53;
    }

    server {
        # DNS-over-TLS port
        listen 853 ssl;
        proxy_pass dns-servers;

        ssl_certificate     /etc/nginx/ssl/dot-server.crt;
        ssl_certificate_key /etc/nginx/ssl/dot-server.key;
        ssl_protocols       TLSv1.2;
        ssl_ciphers         HIGH:!aNULL:!MD5;

        ssl_handshake_timeout 10s;
        ssl_session_cache     shared:SSL:20m;
        ssl_session_timeout   4h;
    }
}
```
Restart nginx.
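In Android Pie, go to Settings > Network > Advanced > Private DNS and enter the name of your server. The name must match the certificate configured in ssl_certificate, because Android validates the server certificate against it. This setting will persist for Wi-Fi and mobile connections.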
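To check the listener from another machine before relying on the phone setting, the following added example (not part of the original wiki page) sends one query to port 853 over TLS with certificate and hostname verification enabled, as a strict DNS-over-TLS client does. The host name `dot.example.net` is a placeholder for the name you enter under Private DNS.

```python
import socket
import ssl
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal DNS query (RD set, one question, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame(message):
    """DoT reuses DNS-over-TCP framing: a 2-byte big-endian length prefix."""
    return struct.pack("!H", len(message)) + message

def parse_header(response, txid=0x1234):
    """Return (rcode, answer_count); reject a reply with the wrong ID."""
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid:
        raise ValueError("transaction ID mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response")
    return flags & 0x000F, ancount

def recv_exact(sock, n):
    """Read exactly n bytes; TCP/TLS may deliver a message in pieces."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf

def query_dot(server_name, qname, port=853, timeout=5.0):
    """Resolve qname via DoT, verifying the certificate against server_name."""
    ctx = ssl.create_default_context()  # CA validation and hostname check on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # matches ssl_protocols above
    with socket.create_connection((server_name, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            tls.sendall(frame(build_query(qname)))
            (length,) = struct.unpack("!H", recv_exact(tls, 2))
            return parse_header(recv_exact(tls, length))

if __name__ == "__main__":
    # dot.example.net is a placeholder; use your own server name.
    print(query_dot("dot.example.net", "example.com"))
```

A result of `(0, n)` with `n` of at least 1 means the chain nginx to dnscrypt-proxy answered; an `ssl.SSLCertVerificationError` means the certificate does not match the name or is not trusted, which would also make Android refuse the server.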
In some cases, if you want to run dnscrypt-proxy as a non-root user, you will get the error "[FATAL] listen udp 0.0.0.0:53: bind: permission denied".
To solve this problem, run the following command, which allows dnscrypt-proxy to bind to a privileged port (below 1024):

```sh
sudo setcap cap_net_bind_service=+ep "$(which dnscrypt-proxy)"
```