Open
Conversation
![windsurf-bot[bot]](https://avatars.githubusercontent.com/in/1066231?s=60&v=4){kind=small}
Member
Author
|
In |
ainar-g
requested changes
Feb 24, 2026
Contributor
ainar-g
left a comment
ainar-g
left a comment
There was a problem hiding this comment.
docs/adguard-home/encryption.md:127:235 MD059/descriptive-link-text Link text should be descriptive [Context: "[here]"]
docs/adguard-home/encryption.md:147:442 MD059/descriptive-link-text Link text should be descriptive [Context: "[here]"]
docs/adguard-home/encryption.md:200:36 MD059/descriptive-link-text Link text should be descriptive [Context: "[here]"]
docs/adguard-home/encryption.md:200:63 MD059/descriptive-link-text Link text should be descriptive [Context: "[here]"]
docs/adguard-home/encryption.md
Outdated
|
|
||
| ::: | ||
|
|
||
| This guide explains how to setup a "Secure DNS" server with AdGuard Home. |
Contributor
There was a problem hiding this comment.
I'd replace "Secure DNS" with encrypted DNS without the quotation marks.
docs/adguard-home/encryption.md
Outdated
|
|
||
| ### Android | ||
|
|
||
| - Android 9 supports `DNS-over-TLS` natively. To configure it, go to *Settings* → *Network & internet* → *Advanced* → *Private DNS* and enter your domain name there. |
docs/adguard-home/encryption.md
Outdated
|
|
||
| ### iOS | ||
|
|
||
| - iOS 14 and higher support `DNS-over-TLS` and `DNS-over-HTTPS` natively via configuration profiles. In order to make things easier, AdGuard Home can generate these configuration profiles for you. Just head to *Setup Guide* → *DNS Privacy* and scroll to iOS. |
docs/adguard-home/encryption.md
Outdated
|
|
||
| ## Configuring DNSCrypt {#configure-dnscrypt} | ||
|
|
||
| Since v0.105.0, AdGuard Home is able to work as a DNSCrypt server. However, this feature is only available via configuration file, and can't be set up using the Web UI. This guide explains how to do this. |
Contributor
There was a problem hiding this comment.
I don't think that mention of the version is necessary anymore.
docs/adguard-home/encryption.md
Outdated
|
|
||
| Here is how to generate a DNSCrypt configuration file and point AdGuard Home to it: | ||
|
|
||
| 1. :::info Important |
Contributor
There was a problem hiding this comment.
Weird list. Perhaps, leave the Info outside of the list?
|
Preview was deployed to: https://pull-request-401.kb-dns.pages.dev/ |
el-termikael
requested changes
Feb 26, 2026
docs/adguard-home/encryption.md
Outdated
|
|
||
| :::note | ||
|
|
||
| AdGuard Home also supports [DNSCrypt][dnscrypt-info] (both client-side and server-side). See [this section](#configure-dnscrypt) to learn about configuring AdGuard Home as a DNSCrypt server. |
Contributor
There was a problem hiding this comment.
Suggested change
| AdGuard Home also supports [DNSCrypt][dnscrypt-info] (both client-side and server-side). See [this section](#configure-dnscrypt) to learn about configuring AdGuard Home as a DNSCrypt server. | |
| AdGuard Home supports both client-side and server-side [DNSCrypt][dnscrypt-info]. [Learn how to configure AdGuard Home as a DNSCrypt server](#configure-dnscrypt). |
docs/adguard-home/encryption.md
Outdated
|
|
||
| ## Server installation {#server-installation} | ||
|
|
||
| The purpose of securing the DNS traffic is to secure it from third-parties that might be analyzing or modifying it, e.g. from ISP. |
Contributor
There was a problem hiding this comment.
Suggested change
| The purpose of securing the DNS traffic is to secure it from third-parties that might be analyzing or modifying it, e.g. from ISP. | |
| The purpose of securing the DNS traffic is to secure it from third parties that might be analyzing or modifying it, e.g., from ISP. |
docs/adguard-home/encryption.md
Outdated
|
|
||
| ## Get an SSL certificate {#certificate} | ||
|
|
||
| Both `DNS-over-HTTPS` and `DNS-over-TLS` are based on [TLS encryption][tls-wikipedia] so in order to use them, you will need to acquire an SSL certificate. |
Contributor
There was a problem hiding this comment.
Suggested change
| Both `DNS-over-HTTPS` and `DNS-over-TLS` are based on [TLS encryption][tls-wikipedia] so in order to use them, you will need to acquire an SSL certificate. | |
| Both `DNS-over-HTTPS` and `DNS-over-TLS` are based on [TLS encryption][tls-wikipedia], so you will need an SSL certificate to use them. |
docs/adguard-home/encryption.md
Outdated
|
|
||
| Both `DNS-over-HTTPS` and `DNS-over-TLS` are based on [TLS encryption][tls-wikipedia] so in order to use them, you will need to acquire an SSL certificate. | ||
|
|
||
| An SSL certificate can be bought from a "Certificate Authority" (CA), a company trusted by browsers and operating systems to enroll SSL certificates for domains. |
Contributor
There was a problem hiding this comment.
Suggested change
| An SSL certificate can be bought from a "Certificate Authority" (CA), a company trusted by browsers and operating systems to enroll SSL certificates for domains. | |
| An SSL certificate can be bought from a Certificate Authority (CA), a company trusted by browsers and operating systems to enroll SSL certificates for domains. |
docs/adguard-home/encryption.md
Outdated
|
|
||
| An SSL certificate can be bought from a "Certificate Authority" (CA), a company trusted by browsers and operating systems to enroll SSL certificates for domains. | ||
|
|
||
| Alternatively, you can get the certificate for free from ["Let's Encrypt" CA][letsencrypt], a free certificate authority developed by the Internet Security Research Group (ISRG). |
Contributor
There was a problem hiding this comment.
Suggested change
| Alternatively, you can get the certificate for free from ["Let's Encrypt" CA][letsencrypt], a free certificate authority developed by the Internet Security Research Group (ISRG). | |
| Alternatively, you can get the certificate for free from the [Let’s Encrypt CA][letsencrypt], a free certificate authority developed by the Internet Security Research Group (ISRG). |
docs/adguard-home/encryption.md
Outdated
| There's also a really nice and easy-to-use alternative to CertBot called [LEGO][lego-source]. | ||
|
|
||
| 1. Install it using [an appropriate method][lego-install]. | ||
| 1. Choose your DNS provider from [the list][lego-provider] and follow the instruction to obtain a certificate. |
Contributor
There was a problem hiding this comment.
Suggested change
| 1. Choose your DNS provider from [the list][lego-provider] and follow the instruction to obtain a certificate. | |
| 1. Choose your DNS provider from [the list][lego-provider] and follow the instructions to obtain a certificate. |
docs/adguard-home/encryption.md
Outdated
| 1. Install it using [an appropriate method][lego-install]. | ||
| 1. Choose your DNS provider from [the list][lego-provider] and follow the instruction to obtain a certificate. | ||
|
|
||
| Also, here's [a simple script][legoagh] that you can use to automate certificates generation and renewal. |
Contributor
There was a problem hiding this comment.
Suggested change
| Also, here's [a simple script][legoagh] that you can use to automate certificates generation and renewal. | |
| Also, here’s [a simple script][legoagh] that you can use to automate certificates generation and renewal. |
docs/adguard-home/encryption.md
Outdated
|
|
||
| :::note | ||
|
|
||
| If a certificate and/or a private key is specified by file path, AdGuard Home will automatically reload them when they change. The reload may also be triggered by a SIGHUP signal. |
Contributor
There was a problem hiding this comment.
Suggested change
| If a certificate and/or a private key is specified by file path, AdGuard Home will automatically reload them when they change. The reload may also be triggered by a SIGHUP signal. | |
| AdGuard Home will automatically reload certificates and/or private keys specified by file path when they change. A reload may also be triggered by a SIGHUP signal. |
docs/adguard-home/encryption.md
Outdated
|
|
||
| We already have a [guide][reverse-proxy-faq] on configuring a reverse proxy server for accessing AdGuard Home web UI. | ||
|
|
||
| AdGuard Home is able to restrict DNS-over-HTTPS requests which came from the proxy server not included into "trusted" list. By default, it's configured to accept requests from IPv4 and IPv6 loopback addresses. |
Contributor
There was a problem hiding this comment.
please use quote marks and apostrophes according to our editorial policy
docs/adguard-home/encryption.md
Outdated
|
|
||
| :::note | ||
|
|
||
| Enter the host with your custom port! |
Contributor
There was a problem hiding this comment.
Suggested change
| Enter the host with your custom port! | |
| Enter the host with your custom port. |
|
Preview was deployed to: https://pull-request-401.kb-dns.pages.dev/ |
ainar-g
approved these changes
Feb 27, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Moving pages from wiki.