Dnscrypt & piHole on Ubuntu

This post is about running pihole and dnscrypt on a ubuntu vm.

Basically this replaces my post about setting up a pi for pihole.. for a couple of reasons.

Firstly the dnscrypt project over at download.dnscrypt.org has stopped and is no longer supported.

and secondly I found that every time my Pi lost any power, it corrupted the SD card. meaning I had to re write the image to the SD card again.


Since Rasbian as roughtly based on Debian as is ubuntu.  I thought I’d have a go at setting up pihole and dnscrypt on a ubuntu vm.

For this I uses ubuntu Server 16.04.3 LTS as it has minimum installation requirments.

I made a vm for this but you could just as easily install on some old hardware if required.


When installing DONT install DNS services..  if you install DNS then you’ll have a dnsmasq service that doesnt read the hosts entry.

and you have to work around the NetworkManager (this can be done by following these instructions)


So Clean install of Ubuntu.

After installation update the ubuntu.

You may want to install openssh so you can easily ssh to the server.

You should now be able to putty to the server on its ip which makes copy / paste much easier.

You may want to apply additional config for locking down the SSH server later. (google it)

It’s also worth at this point setting the IP Address to static. Last thing you want is the DNS server changing IP address becuase DHCP reservation has expired. Also Pihole likes a static IP.
Use Vi or nano whichever you prefer to edit config.

look for somthing like

  • auto eth0
  • iface etho inet DHCP

and change to your static ip.. somthing like below.

Save and Reboot


the default config of dnsmasq should work fine for you.

Install Pi-Hole

Install Pi-Hole using their installer script. This is actually really easy and well done. simply run the command follow the instructions and you will get a functioning ad blocker.

Once Installed reset the admin password with

Setup Pi-Hole

Edit /etc/dnsmasq.conf

Modify #listen-address= to: listen-address=, 192.168.xxx.xxx
Replace the second IP with your Static IP.

Restart DNSMasq

Now to install Dnsctypt

This process has acutally become quite a bit easier.

The git hub project for DNSCrypt-Proxy 2

so we just need to download extract / install the project.  (Additional instructions can be found here https://github.com/pi-hole/pi-hole/wiki/DNSCrypt-2.0)

So now we downloaded and extracted the install files for dnscrypt-proxy 2

copy the example config file to one were going to install with and edit.

in the file dnscrypt-proxy.toml look listen_addresses = ['', '[::1]:53']

Change to the another port number I used 41 so it became listen_addresses = ['', '[::1]:41'] also change require_dnssec = true

Install and Start DnsCrypt-Proxy 2

Once installed you need to create a 02-dnscrypt.conf file

Create a additional DNSMasq configuration file.

My 02-dnscrypt.conf now looks like

Edit 01-pihole.conf

Comment (#) out all server references.

Edit setupVars.conf

Comment (#) out all piholeDNS references.

you may want to add
to the file /etc/network/interface

and also with pihole if you add host entries for your network computers then they show up nicely in pihole admin.

Reboot one last time

And login to the pihole at http://<Static IP>/admin

Additional PiHole Config

Under settings in pihole admin http://<your pi ip address>/admin
look under “Pi-Hole’s Block Lists” You can add lists from i-blocklists here.

Adding the mircosoft list will block microsoft ips from your pihole.



You can test youd DNS Service by pointing a computer at the static ip for the piHole and then visiting