@cdbailey
Last active November 26, 2023 19:47
Running dnscrypt-proxy on UDM Pro
1. Download the latest version of dnscrypt-proxy from GitHub, specifically the linux_arm64 release. At the time of writing, the current release was 2.0.42.
https://github.com/DNSCrypt/dnscrypt-proxy/releases/download/2.0.42/dnscrypt-proxy-linux_arm64-2.0.42.tar.gz
2. Transfer the tarball to the UDM Pro using scp, placing the file into the /opt directory. Extract the tarball and rename the resulting directory. Remove the tarball (optional).
Transfer file from local host to UDM Pro:
scp dnscrypt-proxy-linux_arm64-2.0.42.tar.gz root@<udm pro IP goes here>:/opt
Extract and rename (perform within an SSH session on the UDM Pro, from inside the /opt directory):
tar -xf dnscrypt-proxy-linux_arm64-2.0.42.tar.gz
mv linux-arm64 dnscrypt-proxy
rm dnscrypt-proxy-linux_arm64-2.0.42.tar.gz
cd dnscrypt-proxy
3. Copy the example-dnscrypt-proxy.toml file to dnscrypt-proxy.toml for configuration. If you are familiar with dnscrypt-proxy, copy other example files as needed.
cp example-dnscrypt-proxy.toml dnscrypt-proxy.toml
4. Using vi, edit the dnscrypt-proxy.toml file and adjust the following settings.
server_names (adjust to your liking)
Comment out the current listen_addresses line and paste the following beneath it. This configures dnscrypt-proxy to listen on 127.0.0.2, a loopback address that does not conflict with the other DNS services on the UDM Pro.
listen_addresses = ['127.0.0.2:53']
Uncomment log_level and set it to 2 to perform diagnostics.
log_level = 2
Uncomment log_file. Errors when executing the dnscrypt-proxy process will be logged here.
log_file = 'dnscrypt-proxy.log'
If you wish to use this to redirect queries for local zones to local DNS servers, configure forwarding_rules.
5. Using vi, save a file named start-dnscrypt-proxy with the following contents.
start-stop-daemon -S -x /opt/dnscrypt-proxy/dnscrypt-proxy -b -v
6. Using vi, save a file named stop-dnscrypt-proxy with the following contents.
start-stop-daemon -K -x /opt/dnscrypt-proxy/dnscrypt-proxy -v
7. Make the scripts you just created executable.
chmod +x /opt/dnscrypt-proxy/start-dnscrypt-proxy
chmod +x /opt/dnscrypt-proxy/stop-dnscrypt-proxy
8. Execute the start script to start dnscrypt-proxy.
/opt/dnscrypt-proxy/start-dnscrypt-proxy
9. Verify operation using nslookup.
nslookup google.com 127.0.0.2
If a result is provided, dnscrypt-proxy is operating properly. You can also verify operation by reviewing the /opt/dnscrypt-proxy/dnscrypt-proxy.log file.
10. Reconfigure your WAN interface inside the UniFi Controller to point to 127.0.0.2 as its DNS server.
Until you have fully validated operation, keep the secondary DNS server configured with an address from your ISP or on the internal LAN.
NOTE: dnscrypt-proxy will not autostart when the UDM Pro restarts, so you will have to start the process manually. This is another reason to specify a secondary DNS server other than 127.0.0.2.
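As an added example (not part of this gist and not dnscrypt-proxy's own tooling), the POSIX shell script below is a pre-flight check to run against the dnscrypt-proxy.toml from step 4 before pointing the WAN interface at it in step 10. It reads listen_addresses and fails if any entry binds a non-loopback address (a 0.0.0.0 bind would turn the UDM Pro into an open resolver on the LAN or WAN), and it confirms that log_level and log_file are set so the step 9 troubleshooting has a log to read. The config path /opt/dnscrypt-proxy/dnscrypt-proxy.toml is an assumption; the two sample config files are constructed here so the script runs offline.

```shell
#!/bin/sh
# Added example, not part of the gist: pre-flight check for the dnscrypt-proxy.toml
# edited in step 4. Confirms every listen_addresses entry is a loopback bind and that
# log_level/log_file are set. Real config path (assumed): /opt/dnscrypt-proxy/dnscrypt-proxy.toml.

WORK="${TMPDIR:-/tmp}"
SAMPLE_CONFIG="$WORK/dnscrypt-proxy-sample.toml"
EXPOSED_CONFIG="$WORK/dnscrypt-proxy-exposed.toml"

# Constructed sample mirroring the step 4 edits (the commented-out original listener is kept).
cat > "$SAMPLE_CONFIG" <<'EOF'
server_names = ['cloudflare', 'quad9-dnscrypt-ip4-nofilter-pri']
# listen_addresses = ['127.0.0.1:53']
listen_addresses = ['127.0.0.2:53']   # loopback only, see step 4
log_level = 2
log_file = 'dnscrypt-proxy.log'
EOF

# Constructed counter-example: a listener bound to every interface, no log file.
cat > "$EXPOSED_CONFIG" <<'EOF'
listen_addresses = ['127.0.0.2:53', '0.0.0.0:53']
log_level = 2
EOF

# Print the effective value of a top-level TOML key: commented-out lines are
# ignored, trailing comments are stripped, and the last assignment wins.
toml_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | sed 's/[[:space:]]*#.*$//' | tail -n 1
}

# Emit each listener from an array such as ['127.0.0.2:53', '[::1]:53'], one per line.
listen_entries() {
    toml_value "$1" listen_addresses \
        | sed -e 's/^\[//' -e 's/][[:space:]]*$//' -e "s/['\" ]//g" \
        | tr ',' '\n' | sed '/^$/d'
}

# Return 0 if host:port is a loopback bind (127.0.0.0/8 or [::1]), 1 otherwise.
is_loopback() {
    case "$1" in
        127.*:*|'[::1]:'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if every listener is loopback-only; report each exposed bind and return 1 otherwise.
check_listeners() {
    status=0
    for entry in $(listen_entries "$1"); do
        if ! is_loopback "$entry"; then
            echo "exposed listener in $1: $entry" >&2
            status=1
        fi
    done
    return $status
}

# Return 0 if both log_level and log_file are set (step 4 diagnostics), 1 otherwise.
check_logging() {
    [ -n "$(toml_value "$1" log_level)" ] && [ -n "$(toml_value "$1" log_file)" ]
}

# Usage: ./check-dnscrypt-config.sh [/opt/dnscrypt-proxy/dnscrypt-proxy.toml]
# With no argument the constructed sample above is checked.
CONFIG="${1:-$SAMPLE_CONFIG}"
if check_listeners "$CONFIG" && check_logging "$CONFIG"; then
    echo "$CONFIG: listeners are loopback-only and logging is configured"
else
    echo "$CONFIG: fix the findings above before pointing the WAN at it" >&2
fi
```

Copy the script to the UDM Pro and run it with the real config path as its argument after each edit of dnscrypt-proxy.toml; a non-zero finding means the listener set or logging has drifted from the step 4 configuration.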