So I very recently blogged about using Pi-hole with dnscrypt-proxy. Where I was aiming for was Pi-hole to talk to dnscrypt-proxy which in turn would talk to NextDNS (via DNS over TLS). I couldn't find a way to do this, so instead resorted to Stubby.
Installation was pretty simple:
- Install stubby via apt:
sudo apt intall stubby
- Edit the file /etc/stubby/stubby.ytml
- Under the listen_addresses section change it to:
listen_addresses: - address_data: 127.0.0.1 port: 5353 - address_data: 0::1 port: 5353
round_robin_upstreams: 1to become
- Change the upstream_recursive_servers section to be what is shown in your account under NextDNS. This is available under the Setup tab, and select Linux and then look for the Stubby section.
- Restart stubby:
sudo systemctl restart stubby
- Setup/install Pi-hole
- In your Pi-hole instance, change your upstream DNS become 127.0.0.1#5353
- Test you configuration:
dig @<pi-hole_ip> www.google.com(where <pi-hole_ip> is the IP address of your Pi-hole server).