Adguardhome: Provide DNS-over-HTTPS and DNS-over-TLS

Created on 11 Jun 2018 · 10 Comments · Source: AdguardTeam/AdGuardHome

High enhancement

All 10 comments

DNS over TLS support should be more prioritized due to the addition of the Private DNS over TLS option built into Android 9 Pie.
This will allow native ad blocking in Android and allow ad blocking over mobile data; moreover, it is a more battery-efficient approach than an adblock VPN.

That's compelling.
So you point all your mobiles and laptops to your own DNS running on Docker with Cloudland and you have privacy for DNS requests and no ads.
Finally ..

DNSCrypt-proxy supports DoH too, and the server can be accepted via an sdns:// stamp.

Is DNSCrypt the same as sdns:// or tls://?

No, it's a protocol, while sdns is a form of recording a DNS server address.

Ah okay, that means we need outgoing and incoming support for all three.

news?

Thinking out loud (I'd better go to bed... maybe)

It would be nice if there's a maintained list of DNSCrypt servers (maybe a copy or a reference of Frank's work with dnscrypt-proxy), DoH (see above) and DoT (see dnsprivacy.com).

Maybe users will be able to click their resolvers; I think that's easier for end users.

Another service provider has this feature:
https://blahdns.com/

On Sat, Dec 8, 2018 at 1:56 AM Andreas Ziegler notifications@github.com wrote:

> news?


DOH support has been added to dnsproxy in v0.9.11: https://github.com/AdguardTeam/dnsproxy/releases/tag/v0.9.11

Here's what we need to do now:

  1. Add new settings section, check the mockup: https://uploads.adguard.com/up04_54sep_Diagrams_-_AGHome_Encryption__Moqups.png
  2. Use these new settings fields on both Web and DNS server initialization
  3. If any certificate in the chain is about to expire (<30 days), show a non-dismissable warning topline with the following text: "Your SSL certificate is about to expire. Update Encryption settings."

Validation rules:

  1. Check that the text entered to the "Certificates" field is a list of PEM-encoded certificates.
  2. Check that the text entered to the "Private key" field is a PEM-encoded private key.
  3. If server name is specified, check that it matches subaltnames of any of the specified certificates.
  4. HTTPS and TLS ports are different positive integers in the range of 80-65535. Setting HTTPS or TLS to 0 disables DOH/DOT.
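
The certificate-related validation rules from the comment above (rules 1 to 3) and the 30-day expiry warning, as an added Go example that is not AdGuard Home's own code. `checkCerts`, `sample` and the host name `dns.example.org` are hypothetical, and the key-to-certificate match performed by `tls.X509KeyPair` goes beyond the listed rules.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// checkCerts (hypothetical) applies rules 1-3; warn = a certificate expires within 30 days.
func checkCerts(certPEM, keyPEM []byte, serverName string) (warn bool, err error) {
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // also rejects a key that does not match the leaf
	if err != nil {
		return false, err
	}
	nameOK := serverName == "" // the server name is optional
	for _, der := range pair.Certificate {
		c, err := x509.ParseCertificate(der)
		if err != nil {
			return false, err
		}
		nameOK = nameOK || c.VerifyHostname(serverName) == nil // subjectAltName entries only
		warn = warn || time.Until(c.NotAfter) < 30*24*time.Hour
	}
	if !nameOK {
		return warn, fmt.Errorf("%q matches no subjectAltName", serverName)
	}
	return warn, nil
}

// sample builds a constructed self-signed certificate and key for the demo.
func sample(san string, validFor time.Duration) (certPEM, keyPEM []byte) {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{san},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(validFor)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, key.Public(), key)
	kder, _ := x509.MarshalPKCS8PrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kder})
}

func main() {
	c, k := sample("dns.example.org", 10*24*time.Hour)
	fmt.Println(checkCerts(c, k, "dns.example.org"))
}
```

`VerifyHostname` ignores the certificate's Common Name, so a certificate without a matching subjectAltName entry fails rule 3 even if its CN matches.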