breathless
Occasional Visitor
Everything that I've read regarding encrypting local LAN DNS says "you shouldn't do that, there's no reason for it, and it will cause problems". But nobody says how to do it anyway outside of installing certificates on every machine (at least I can't find it - with one exception noted later).
I actually have a use case where it would be very useful for me to have local LAN encryption, and would like to figure out how to do so regardless of the common wisdom of "don't do that".
I have a RustDesk server set up on my local LAN, connecting through my domain name on a specified UDP port. One of the settings in RustDesk allows you to force a requirement for encryption in order for a successful connection to be made. I have that setting on, therefore if my local LAN connections are not encrypted, they won't work PC to PC even within the LAN. Having that setting on by default enables me to have no second thoughts about whether my RustDesk sessions outside of my LAN are secure, because it simply rejects the connection if it isn't.
Up to this point I have bypassed this "issue" of being unable to connect to other machines in my house by using Adguard Desktop with the DNS feature activated and an upstream TLS DNS provider, which of course encrypts my connections, apparently even within the LAN. I "know" because it immediately allows me to connect to other LAN machines as soon as I enable Adguard DNS (both machines have to have it). The same thing can of course be accomplished, even without using the Adguard Desktop app with DNS, by adding a DNS profile for Adguard in the Windows 11 Wi-Fi / LAN settings: https://gist.github.com/krcm0209/2d8ceb00ebf5b6113d920b8120913c02
Doing either of those things however bypasses the work that I've done recently in setting up Adguard Home with Unbound, since whatever machine that I do this method with will be using Adguard DNS instead of Unbound.
I found one solution that seems like it should have worked, but it doesn't: https://github.com/trinib/AdGuard-WireGuard-Unbound-DNScrypt/discussions/41
I added the info as specified in the tutorial (no space is allowed after dohtemplate=):
netsh dns add encryption server=192.168.X.X dohtemplate=https://servername(domain name)/dns-query autoupgrade=yes udpfallback=no
And I get an encrypted local connection, which I then verify by checking my Adguard Home query log, which shows a whole lot more HTTPS based connections for this particular machine.
I got excited and thought that was it, but RustDesk still won't make a "secure" encrypted connection.
I know it's probably something simple and that I'm just a dummy, but if someone can help get me the rest of the way there I would appreciate it.
Thanks!
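The netsh step in the post registers a DoH template for a LAN resolver, but it gives no way to confirm the client is really using it, and Windows will quietly refuse (or, without udpfallback=no, fall back to plain UDP) when the resolver's certificate does not match the template hostname or is not trusted by the machine. The following PowerShell script is an added example, not code from the post or from AdGuard Home: it checks the resolver's TLS certificate against the template hostname first, registers the template with the PowerShell equivalent of the netsh command, points the active adapter at the resolver, and then looks for the evidence (a TCP/443 session to the resolver, the DoH entry in the DNS client configuration). The resolver IP 192.168.1.10 and the hostname dns.home.example are placeholders, as is the choice of the first adapter that is up; substitute your own values. Run it in an elevated PowerShell on Windows 11.

```powershell
# Added example (not from the original post). Assumptions: the AdGuard Home
# DoH listener is at 192.168.1.10 and presents a certificate for
# dns.home.example that this machine already trusts. Both are placeholders.
#Requires -RunAsAdministrator
$ResolverIp  = '192.168.1.10'
$DohTemplate = 'https://dns.home.example/dns-query'
$DohHost     = ([uri]$DohTemplate).Host
$Adapter     = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1

# 1. Certificate check. Windows validates the certificate against the host
#    name in the template, so this is the usual reason "it just doesn't work".
#    AuthenticateAsClient throws if the chain is untrusted or the name mismatches.
$tcp = [System.Net.Sockets.TcpClient]::new($ResolverIp, 443)
$ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
try {
    $ssl.AuthenticateAsClient($DohHost)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    'TLS OK: subject={0} issuer={1} expires={2}' -f $cert.Subject, $cert.Issuer, $cert.NotAfter
} finally {
    $ssl.Dispose(); $tcp.Dispose()
}

# 2. Register the DoH template (equivalent of
#    "netsh dns add encryption server=... dohtemplate=... autoupgrade=yes udpfallback=no")
#    and make the adapter use the resolver. AutoUpgrade tells the client to use
#    DoH whenever the configured server has a matching template; no UDP fallback
#    means a broken TLS setup fails loudly instead of leaking plaintext queries.
if (-not (Get-DnsClientDohServerAddress -ServerAddress $ResolverIp -ErrorAction SilentlyContinue)) {
    Add-DnsClientDohServerAddress -ServerAddress $ResolverIp -DohTemplate $DohTemplate `
        -AllowFallbackToUdp $false -AutoUpgrade $true
}
Set-DnsClientServerAddress -InterfaceIndex $Adapter.ifIndex -ServerAddresses $ResolverIp
Clear-DnsClientCache

# 3. Verify from the client side: force a lookup through the system resolver,
#    then look for a TCP session to the resolver on 443 (DoH) rather than UDP/53.
Get-DnsClientDohServerAddress -ServerAddress $ResolverIp | Format-List
Resolve-DnsName -Name $DohHost -DnsOnly -ErrorAction Stop | Out-Null
$doh = Get-NetTCPConnection -RemoteAddress $ResolverIp -RemotePort 443 -ErrorAction SilentlyContinue
if ($doh) {
    'DoH in use: {0} TCP/443 session(s) to {1} (state {2})' -f @($doh).Count, $ResolverIp, ($doh.State -join ',')
} else {
    'No TCP/443 session to {0} seen; check the resolver log for plain DNS on 53' -f $ResolverIp
}
```

The TCP/443 session is short-lived, so run step 3 immediately after the lookup, or watch the AdGuard Home query log as the post describes (DoH queries show up there as HTTPS). Note what this script establishes: that name resolution from this machine to the resolver is encrypted. It says nothing about any other protocol on the LAN.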