Secure Your DNS with DNSSEC: AdGuard Home and Pi-Hole Integration with Stubby
Stop data brokers from exposing your information. Go to my sponsor https://aura.com/dbtech to get a 14-day free trial and see if your personal information has been compromised.
/=========================================/
In this comprehensive video tutorial, we’ll guide you through the process of fortifying your DNS security by implementing DNSSEC into AdGuard Home and Pi-Hole. By deploying the powerful Stubby container, you can enhance the privacy and integrity of your DNS requests, ensuring a safer and more secure online experience.
By the end of this tutorial, you’ll have a comprehensive understanding of how to integrate DNSSEC into your AdGuard Home and Pi-Hole setup using the Stubby container. Your online activities will be more secure, and your privacy will be better protected.
Join us on this journey to fortify your DNS security and enjoy a safer, more private online experience. Don’t forget to like, share, and subscribe for more informative tech tutorials!
This Stubby can be found here:
https://code.dbt3ch.com/YpCQgZ1i
This Pi-Hole / Stubby file can be found here:
https://code.dbt3ch.com/hZnc9L8r
This AdGuard / Stubby file can be found here:
https://code.dbt3ch.com/k0oSo2VS
NextDNS Affiliate Link:
https://dbte.ch/nextdns
/=========================================/
#DNSSEC #AdGuardHome #PiHole #Stubby #OnlinePrivacy #TechTutorial
Thanks for watching, and stay safe online!
Special Thanks
Thanks to Mattchis for his help on this!
His socials are the following:
Twitter: mattchis
Mastodon: @mattchis@infosec.exchange
Github: mattchis
/=========================================/
Intro
0:00 Intro
1:03 Sponsor Spot
2:37 Intro Continued
3:36 Pre-emptive DNS Fix
Stubby Setup
5:27 Configuring stubby.yml
7:26 Side Note
Pi-Hole Setup and Config
7:54 Creating Pi-Hole Network
9:16 Creating Pi-Hole Docker-Compose
12:18 Deploying Pi-Hole and stubby
13:18 Troubleshooting
15:27 Logging Into Pi-Hole
15:54 Configuring Upstream DNS
16:52 Changing Local DNS to Point to Pi-Hole
18:25 Testing Ad Blocking
AdGuard Setup and Config
20:33 Getting into AdGuard
21:07 Creating AdGuard Network
21:50 Creating AdGuard Docker-Compose
25:44 Deploying AdGuard and Stubby
26:40 First Configuring of AdGuard
27:14 Logging into AdGuard
27:16 Configuring Upstream DNS
28:21 Changing Local DNS to Point to AdGuard
28:41 Testing Ad Blocking
29:39 Troubleshooting
30:06 Validating Fix
Wrap Up
30:16 Wrapping Up
/=========================================/
Get early, ad-free access to new content by becoming a channel member, or a Patron!
✅ https://www.patreon.com/dbtech
✅ https://www.youtube.com/channel/UCVy16RS5eEDh8anP8j94G2A/join
All My Social Links:
✅ https://dbt3.ch/@dbtech
Join Discord!
✅ https://discord.gg/M9J6hFq
/=========================================/
The hardware in my recording studio is:
✔ Custom PC w/ Ryzen 2600, 32GB RAM, RTX 2070, Assorted Storage
✔ Panasonic LUMIX G7 4K Digital Camera: https://amzn.to/3IGEOcb
✔ SAMSUNG 34-Inch SJ55W Ultrawide Monitor: https://amzn.to/395g9BZ
✔ LG 27UK650-W 27” UHD IPS Display with HDR 10: https://amzn.to/398pg4S
✔ WALI Premium Dual Monitor Stand: https://amzn.to/398AiqM
✔ Neewer Lights: https://amzn.to/3nZcoSX
✔ Light Power Supply:https://amzn.to/3Konpqf
✔ 55″ Gaming Desk: https://amzn.to/3AkgHgw
✔ Sabrent USB-C Hub: https://amzn.to/3qFcwbV
✔ Das Keyboard 4 Professional: https://amzn.to/3G9rPxM
✔ Fuqido Big and Tall Gaming Chair: https://amzn.to/3IGegrq
/=========================================/
The hardware in my current home servers:
✔ Synology DS1621xs+ (provided by Synology): https://amzn.to/2ZwTMgl
✔ 6x8TB Seagate Exos Enterprise HDDs (provided by Synology): https://amzn.to/3auLdcb
✔ 16GB DDR4 ECC RAM (provided by Synology): https://amzn.to/3do7avd
✔ 2TB NVMe Caching Drive (provided by Sabrent): https://amzn.to/3dwPCxj
✔ TerraMaster F5-221 (provided by TerraMaster): https://amzn.to/3IfH2QD
✔ 5x6TB WD Red Plus NAS: https://amzn.to/3LnbPvC
✔ 8GB DDR3: https://amzn.to/3kfLTX3
✔ TerraMaster F4-423 (provided by TerraMaster): https://amzn.to/3kjUms5
✔ 2x8TB Seagate Barracuda Compute: https://amzn.to/3xBAO95
✔ 16GB TEAMGROUP Elite DDR4: https://amzn.to/3MzzFV9
✔ 512GB Silicon Power NVMe Caching Drive: https://amzn.to/3MzkBae
All amzn.to links are affiliate links.
/=========================================/
✨Find all my social accounts here:
✅ https://dbte.ch/
✨Ways to support DB Tech:
✅ https://www.patreon.com/dbtech
✅ https://www.paypal.me/DBTechReviews
✅ https://ko-fi.com/dbtech
✅ Cashapp: https://cash.app/$dbtechyt
✅ Venmo: https://venmo.com/dbtechyt
✨Come chat in Discord:
✅ https://dbte.ch/discord
✨Join this channel to get access to perks:
✅ https://www.youtube.com/channel/UCVy16RS5eEDh8anP8j94G2A/join
✨Hardware (Affiliate Links):
✅ TinyPilot KVM: https://dbte.ch/tpkvm
✅ LattePanda Delta 432: https://dbte.ch/dfrobot
✅ Lotmaxx SC-10 Shark: https://dbte.ch/sc10shark
✅ EchoGear 10U Rack: https://dbte.ch/echogear10u
by DB Tech
linux dns server
Stop data brokers from exposing your information. Go to my sponsor https://aura.com/dbtech to get a 14-day free trial and see if your personal information has been compromised.
I don't really recommend hardcoded dns server for windows, because sometime the static dns server gonna screw up dns setting for wireless lan
Thanks for the video, for all of your videos I've deployed a few projects from them. Question… what's the difference in this and enabling dnssec in the dns settings of adguard and pointing to a dnssec compatible upstream server (From the dns upstream server list in adguard that supports dnssec). Your video may be showing a better way to do this. I was just curious. Thanks again
In my previous comment, I said this was easy to add to my current pihole config, but it has ended up as anything but. When I switch to the docker IP for the Custom DNS, I no longer get any DNS resolution. dig commands time out. As soon as I turn back on the Google DNS servers, it works again. I have DNSSEC enabled, both containers are running, both containers are a part of the pihole_local_network when I perform docker network inspect pihole_local_network. I copied the proper information into the stubby.yml file for my NextDNS account. There's something about stubby that isn't working, but I don't know how to troubleshoot it more in depth. I don't know how I could perform a packet capture on 172.25.0.11 to see if it is even trying to talk out. Thoughts?
I use unbound for my pihole which goes directly to authoritative DNS servers. Looking at NextDNS, it looks like they are basically providing the same services that pihole and adguard do within their respective GUI but NextDNS does it over the internet by routing my DNS traffic to their servers for data discovery and comparison to see if it will match with a specific filter. Am I getting that right or am I missing something? I know that is basically like any other online DNS server (cloudflare, quad 9, opendns, etc). I just read over their privacy policy and they look to be in the clear. I just feel like most users of their service will go over the 300,000 queries in a month but $1.99/mo for unlimited isn’t bad at all.
Hey DB what is the different between nextdns and unbound? I am using unbound ..can I used both?
Nice video again 🙂 i'm thinking to set up adguard on a pi at home that is connected with A VPN to a pi hole in the cloud. Not sure if this Will work good bit sounds like a Fun project
These are great tools. I deployed AdGuard DNS at my home and it's made a huge difference, especially with mobile apps. I struggled with why it wouldn't work on my laptop and found that Chrome had enabled Google's own DNS over HTTPS features, so it was bypassing my filtered DNS. I tried to configure the browser to use my own secured DNS but ended up just using the systems' regular DNS. Not great for when I'm away, but at least the DNS is encrypted from my home.
Do you have a suggestion how to work around Xfinity style routers that don't offer all the custom router features?
Is there a way to deploy this without having to create a new container for docker and adguard? I already have 2 instances of adguard setup primary/secondary DNS. Is there a way to deploy the Stubby container and point it to adguard that I already have in place. Hope that makes sense.
Thank you for leaving the trouble-shooting steps in the video. It is always helpful to see someone figure out the problems that I am having!
Good video sir !! I like and use Adguard. 🙂
I'm a noob with this stuff but how does this differ from say doing a pihole + unbound setup ?
Thank you for this detail! Made it easy to update my pihole to include stubby.
Good video as always. Question! What is the difference between have nextdns configured within PiHole container and the stream configured to 127.0.0.1? This configuration is like host > pihole > pihole (127.0.0.1) > nextdns.
i love pihole but it just blocks every thing….i had faced many websites having issues