Raspberry Pi 3 with Pi-Hole & OpenVPN & DNSCrypt

Fig 1. My Raspberry Pi - during initial setup.

I decided to use Pi-Hole as an ad-blocker because advertisements are blocked before they get downloaded to your computer or other devices. So I will no longer need an ad-block extension in the browser, which ends up running faster and using fewer system resources. Most importantly, it works with all devices on the network if the router is configured to use your Raspberry Pi as the DNS nameserver, or if each device is configured individually.

With the use of OpenVPN, the internet data will be encrypted, which is very important when using public Wi-Fi, where evil people can spy on your internet behavior and even snatch some of the private data that is being sent. Another reason is that, if configured correctly, you can benefit from Pi-Hole ad-blocking without the need to open a public port on your router or modem to your (Pi-Hole) DNS server.

When combined with DNSCrypt, it prevents DNS spoofing. By using cryptographic signatures, it verifies that the DNS response originates from the configured DNS resolver and hasn't been tampered with, preventing MITM (Man-in-the-Middle) attacks.

And this is how I installed and configured it.


DNSCrypt server

Successfully set up a DNSCrypt server. It is a free, non-logging, uncensored, recursive DNS server with daily key rotation and DNSSEC support.

The DNSCrypt server is located in The Netherlands, hosted at Vultr.

Why

Privacy and security basically sum it up. Two of the biggest issues these days.

DNSCrypt is one of the methods to give back your privacy and security. It encrypts DNS queries, which are otherwise sent in plain text, even when you make use of a VPN or visit a website using SSL/TLS. This means that without DNS encryption anyone can spy on the connection to learn what you are accessing.

According to the official DNSCrypt website:

DNSCrypt is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with.