Secure Your DNS with DNSSEC: AdGuard Home and Pi-Hole Integration with Stubby

preview_player
Показать описание


/=========================================/

In this comprehensive video tutorial, we'll guide you through the process of fortifying your DNS security by implementing DNSSEC into AdGuard Home and Pi-Hole. By deploying the powerful Stubby container, you can enhance the privacy and integrity of your DNS requests, ensuring a safer and more secure online experience.

By the end of this tutorial, you'll have a comprehensive understanding of how to integrate DNSSEC into your AdGuard Home and Pi-Hole setup using the Stubby container. Your online activities will be more secure, and your privacy will be better protected.

Join us on this journey to fortify your DNS security and enjoy a safer, more private online experience. Don't forget to like, share, and subscribe for more informative tech tutorials!

This Stubby can be found here:

This Pi-Hole / Stubby file can be found here:

This AdGuard / Stubby file can be found here:

NextDNS Affiliate Link:

/=========================================/

#DNSSEC #AdGuardHome #PiHole #Stubby #OnlinePrivacy #TechTutorial

Thanks for watching, and stay safe online!

Special Thanks
Thanks to Mattchis for his help on this!
His socials are the following:
Twitter: mattchis
Github: mattchis

/=========================================/

Intro
0:00 Intro
1:03 Sponsor Spot
2:37 Intro Continued
3:36 Pre-emptive DNS Fix

Stubby Setup
7:26 Side Note

Pi-Hole Setup and Config
7:54 Creating Pi-Hole Network
9:16 Creating Pi-Hole Docker-Compose
12:18 Deploying Pi-Hole and stubby
13:18 Troubleshooting
15:27 Logging Into Pi-Hole
15:54 Configuring Upstream DNS
16:52 Changing Local DNS to Point to Pi-Hole
18:25 Testing Ad Blocking

AdGuard Setup and Config
20:33 Getting into AdGuard
21:07 Creating AdGuard Network
21:50 Creating AdGuard Docker-Compose
25:44 Deploying AdGuard and Stubby
26:40 First Configuring of AdGuard
27:14 Logging into AdGuard
27:16 Configuring Upstream DNS
28:21 Changing Local DNS to Point to AdGuard
28:41 Testing Ad Blocking
29:39 Troubleshooting
30:06 Validating Fix

Wrap Up
30:16 Wrapping Up

/=========================================/

Get early, ad-free access to new content by becoming a channel member, or a Patron!

All My Social Links:

Join Discord!

/=========================================/

The hardware in my recording studio is:
✔ Custom PC w/ Ryzen 2600, 32GB RAM, RTX 2070, Assorted Storage

/=========================================/

The hardware in my current home servers:

/=========================================/

✨Find all my social accounts here:

✨Ways to support DB Tech:

✨Come chat in Discord:

✨Join this channel to get access to perks:

✨Hardware (Affiliate Links):
  1. DB Tech
  2. DNSSEC
  3. AdGuard Home
  4. Pi-Hole
  5. Stubby container
  6. DNS security
Рекомендации по теме
Why Secure DNS 0:05:51

Why Secure DNS is Important

What is DNSSEC 0:11:17

What is DNSSEC (Domain Name System Security Extensions)?

DNSSEC Overview 0:08:48

DNSSEC Overview

Secure Your DNS 0:31:35

Secure Your DNS with DNSSEC: AdGuard Home and Pi-Hole Integration with Stubby

Enable DNSSEC to 0:00:56

Enable DNSSEC to Protect DNS Protocols

Secure your DNS 0:13:15

Secure your DNS Queries with Encrypted DNS

Complete Guide to 0:07:39

Complete Guide to Deploying DNSSEC

What is DNSSEC 0:02:42

What is DNSSEC in simple words?

Encrypt Your DNS 0:11:37

Encrypt Your DNS (STOP Your ISP SNOOPING!)

Which Is The 0:12:08

Which Is The Best DNS for Secure Browsing: CloudFlare, Quad9, NextDNS, and AdGuard DNS

DNS & DNSSEC 1:35:06

DNS & DNSSEC Tutorial 1

How to activate 0:03:16

How to activate DNSSEC for your domain name ?

Configure DNS Security 0:14:55

Configure DNS Security (DNSSec) on Windows Server 2019

What is DNSSEC? 0:01:54

What is DNSSEC?

DNSSec Explained 0:17:02

DNSSec Explained

Enable This Setting 0:16:38

Enable This Setting on EVERY Web Browser

DNS 101 Miniseries 0:11:09

DNS 101 Miniseries - #5 - Why do we need DNSSEC

What is DNS 0:07:12

What is DNS Hijacking - How to Protect Yourself?

DNS 101 Miniseries 0:17:35

DNS 101 Miniseries - #6 - How DNSSEC Works within a Zone

How to protect 0:11:55

How to protect DNS Domain Name Server | DNSSEC - DNS Security | PDNS - Protective DNS

DNSSEC 0:07:14

DNSSEC

DNSSEC - Why 0:05:02

DNSSEC - Why you should enable it to protect against Domain Spoofing.

HOW TO CONFIGURE 0:02:25

HOW TO CONFIGURE DNSSEC IN WINDOWS SERVER

Securing Route 53 0:11:12

Securing Route 53 hosted zone with DNSSEC | Amazon Web Services

Комментарии
Автор

Thank you for leaving the trouble-shooting steps in the video. It is always helpful to see someone figure out the problems that I am having!

tiller
Автор

These are great tools. I deployed AdGuard DNS at my home and it's made a huge difference, especially with mobile apps. I struggled with why it wouldn't work on my laptop and found that Chrome had enabled Google's own DNS over HTTPS features, so it was bypassing my filtered DNS. I tried to configure the browser to use my own secured DNS but ended up just using the systems' regular DNS. Not great for when I'm away, but at least the DNS is encrypted from my home.

BradleyBrown
Автор

Can you do a video on:
Pi-Hole with unbound, DNSSEC and DoT or DoH, using Cloudflare tunnel & CrowdSec & Fail2ban.

fbifido
Автор

With AGH you can put users or devices in groups, so all phones can have a different block list to all TVs or laptops, a handy feature.

Bond
Автор

I'm a noob with this stuff but how does this differ from say doing a pihole + unbound setup ?

VictorTe
Автор

Thank you for this detail! Made it easy to update my pihole to include stubby.

Dreamshadow
Автор

Thanks for the video, for all of your videos I've deployed a few projects from them. Question... what's the difference in this and enabling dnssec in the dns settings of adguard and pointing to a dnssec compatible upstream server (From the dns upstream server list in adguard that supports dnssec). Your video may be showing a better way to do this. I was just curious. Thanks again

sigler
Автор

Why not set unbound as recursive dns server in pihole and use Adguard as the upstream dns server? This is the way I have mine setup but I am using Quad9 as the upstream dns server.. works great.

macster
Автор

Thank you so much for this! Huge help :D

tonyscalleta
Автор

Thank you for your video. Does it work even if AdGuard Home is the DHCP server? If you want to use the AdGuardHome DHCP server, you must specify the --network host argument when creating the container. Thx

gudicsgergo
Автор

Any advantage in using this over unbound and pihole for security? It seems like it is good for blocking family content and screening, if you don't use unifi for screening

KratomSyndicate
Автор

@16:28 - can you explain the other options in the list, and when should one enable each option?

fbifido
Автор

I'm not too sure that ad blocking test site is correct. The ones that are in red, which means my adblocker was not able to block.. I tried to go to that actual site and I was not able to because the site itself is blocked. So if the actual site is blocked, why would it be in red saying the ad wasn't blocked?

mr.boniato
Автор

Good video as always. Question! What is the difference between have nextdns configured within PiHole container and the stream configured to 127.0.0.1? This configuration is like host > pihole > pihole (127.0.0.1) > nextdns.

dotcaodin
Автор

Hello may I asking why use Pi hole if Next DNS already block the same list that Pi hole ? also I can thinking viceversa why use next dns using Pi hole ?

juanignaciocirera
Автор

Do you have a suggestion how to work around Xfinity style routers that don't offer all the custom router features?

businessoftechnology
Автор

Good video sir !! I like and use Adguard. :)

JasonsLabVideos
Автор

In my previous comment, I said this was easy to add to my current pihole config, but it has ended up as anything but. When I switch to the docker IP for the Custom DNS, I no longer get any DNS resolution. dig commands time out. As soon as I turn back on the Google DNS servers, it works again. I have DNSSEC enabled, both containers are running, both containers are a part of the pihole_local_network when I perform docker network inspect pihole_local_network. I copied the proper information into the stubby.yml file for my NextDNS account. There's something about stubby that isn't working, but I don't know how to troubleshoot it more in depth. I don't know how I could perform a packet capture on 172.25.0.11 to see if it is even trying to talk out. Thoughts?

Dreamshadow
Автор

when I try to run docker compose (adguard) I have an error cause my port 53 is currently in use by systemd-resolved. I stoped that service to run docker compose but when I start again that doesnt works. when I test my upstream dns server got an error.

alvarobinimelis
Автор

Hey DB what is the different between nextdns and unbound? I am using unbound ..can I used both?

angelgil