AdGuard Home with DNS-over-HTTPS (DoH) - Complete Deployment Guide with Pangolin

wnstify/adguard-pango

AdGuard Home with DNS-over-HTTPS (DoH) - Complete Deployment Guide

A comprehensive guide to deploy AdGuard Home with full DNS encryption (DoH + DoT) behind a reverse proxy, with no plain DNS exposed.


Overview

This guide walks you through deploying a fully encrypted DNS server using AdGuard Home. By the end, you'll have:

  • DNS-over-HTTPS (DoH) on port 443
  • DNS-over-TLS (DoT) on port 853
  • Plain DNS completely disabled
  • Valid Let's Encrypt SSL certificates
  • Automatic certificate renewal
  • Ad-blocking and privacy protection

Why Self-Host DNS?

Benefit | Description
Privacy | Your ISP cannot see your DNS queries
Security | All DNS traffic is encrypted end-to-end
Ad Blocking | Network-wide ad and tracker blocking
Control | Full control over DNS filtering rules
No Logging | No third-party logging your queries

Features

  • ✅ Full Encryption - No plain DNS (port 53) exposed
  • ✅ DoH Support - DNS-over-HTTPS on port 443
  • ✅ DoT Support - DNS-over-TLS on port 853
  • ✅ Valid SSL - Let's Encrypt certificates with auto-renewal
  • ✅ Docker Deployment - Easy to deploy and maintain
  • ✅ Reverse Proxy Ready - Works behind Nginx, Traefik, Caddy, or Pangolin
  • ✅ Ad Blocking - Built-in ad and tracker blocking
  • ✅ Web Dashboard - Easy-to-use admin interface

Architecture

Network Flow Diagram

┌──────────────────────────────────────────────────────────────────────────┐
│                        ENCRYPTED DNS ARCHITECTURE                        │
├──────────────────────────────────────────────────────────────────────────┤
│                                                                          │
│   Client ──DoH/DoT──▶ Reverse Proxy ──HTTPS──▶ AdGuard ──DoH──▶ Upstream │
│     🔒                    🔒                    Home       🔒    DNS      │
│                                              (No Plain DNS)              │
│                                                                          │
├──────────────────────────────────────────────────────────────────────────┤
│   ✅ All traffic encrypted    ✅ Valid SSL    ✅ No port 53 exposed      │
└──────────────────────────────────────────────────────────────────────────┘

Detailed Architecture

flowchart TB
    subgraph Internet["☁️ Public Internet"]
        Client["🖥️ Client Device"]
    end

    subgraph ReverseProxy["Reverse Proxy Server"]
        Proxy["🔀 Nginx/Traefik/Caddy/Pangolin<br/>TLS Termination<br/>Let's Encrypt Cert"]
    end

    subgraph DNSServer["DNS Server"]
        subgraph Docker["🐳 Docker"]
            AGH["🛡️ AdGuard Home<br/>Port 443 (DoH)<br/>Port 853 (DoT)<br/>Plain DNS: DISABLED"]
        end
    end

    subgraph Upstream["☁️ Upstream DNS"]
        Cloudflare["🌐 Cloudflare<br/>1.1.1.1 (DoH)"]
        Google["🌐 Google<br/>8.8.8.8 (DoH)"]
        Quad9["🌐 Quad9<br/>9.9.9.9 (DoH)"]
    end

    Client -->|"🔒 DoH :443"| Proxy
    Proxy -->|"🔒 HTTPS"| AGH
    AGH -->|"🔒 DoH"| Cloudflare
    AGH -->|"🔒 DoH"| Google
    AGH -->|"🔒 DoH"| Quad9

Port Overview

Port | Protocol | Purpose | Status
443 | HTTPS | DNS-over-HTTPS + Web UI | ✅ Enabled
853 | TLS | DNS-over-TLS | ✅ Enabled
80 | HTTP | Web UI (internal only) | ✅ Internal
53 | DNS | Plain DNS | ❌ Disabled

Prerequisites

Before starting, ensure you have:

  • A VPS or server with a public IP (or behind a reverse proxy)
  • A domain name with DNS access (for SSL certificates)
  • Docker and Docker Compose installed
  • Basic terminal/SSH knowledge

Recommended Providers

Provider | Use Case
Hetzner | Great EU pricing, good performance
DigitalOcean | Simple setup, good documentation
Vultr | Global locations, hourly billing
Linode | Reliable, good support

Domain & DNS Providers

Provider | DNS Challenge Support
Cloudflare | ✅ Recommended
Route53 | ✅ Supported
DigitalOcean | ✅ Supported
Google Cloud DNS | ✅ Supported

Quick Start

For experienced users, here's the quick setup:

# 1. Create directories
mkdir -p ~/adguard-home/{work,conf,certs}
cd ~/adguard-home

# 2. Get SSL certificates (using Cloudflare DNS challenge)
sudo certbot certonly --dns-cloudflare \
  --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini \
  -d dns.yourdomain.com

# 3. Copy certificates (sudo cp leaves them root-owned, so hand them to your user first)
sudo cp /etc/letsencrypt/live/dns.yourdomain.com/fullchain.pem ~/adguard-home/certs/
sudo cp /etc/letsencrypt/live/dns.yourdomain.com/privkey.pem ~/adguard-home/certs/
sudo chown $USER:$USER ~/adguard-home/certs/*
chmod 600 ~/adguard-home/certs/*

# 4. Create docker-compose.yml (see below)
# 5. Start container
docker compose up -d

# 6. Complete setup wizard at http://localhost:3000
# 7. Enable encryption in Settings → Encryption
# 8. Disable plain DNS

Detailed Setup Guide

Step 1: Server Preparation

1.1 Update System

sudo apt update && sudo apt upgrade -y

1.2 Install Docker

# Install Docker
curl -fsSL https://get.docker.com | sh

# Add your user to docker group
sudo usermod -aG docker $USER

# Logout and login again, then verify
docker --version
docker compose version

1.3 Create Directory Structure

mkdir -p ~/adguard-home/{work,conf,certs}
cd ~/adguard-home

Directory purposes:

Directory | Purpose
work/ | Runtime data, query logs, statistics
conf/ | Configuration files (AdGuardHome.yaml)
certs/ | SSL certificates

Step 2: SSL Certificate Setup

You need valid SSL certificates for DoH/DoT to work. We'll use Let's Encrypt with Cloudflare DNS challenge.

2.1 Install Certbot

sudo apt install -y certbot python3-certbot-dns-cloudflare

2.2 Create Cloudflare API Token

  1. Go to Cloudflare Dashboard → API Tokens
  2. Click "Create Token"
  3. Use template "Edit zone DNS"
  4. Configure:
    • Permissions: Zone - DNS - Edit
    • Zone Resources: Include - Specific zone - yourdomain.com
  5. Create and copy the token (won't be shown again)

2.3 Create Credentials File

mkdir -p ~/.secrets/certbot
nano ~/.secrets/certbot/cloudflare.ini

Content (single line only):

dns_cloudflare_api_token = YOUR_CLOUDFLARE_API_TOKEN_HERE

⚠️ Important: Replace YOUR_CLOUDFLARE_API_TOKEN_HERE with your actual token. No quotes!

Set secure permissions:

chmod 600 ~/.secrets/certbot/cloudflare.ini

2.4 Obtain Certificate

sudo certbot certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini \
  --dns-cloudflare-propagation-seconds 60 \
  -d dns.yourdomain.com \
  --agree-tos \
  --email your-email@example.com \
  --non-interactive

Verify:

sudo certbot certificates

2.5 Copy Certificates

# Copy to AdGuard directory
sudo cp /etc/letsencrypt/live/dns.yourdomain.com/fullchain.pem ~/adguard-home/certs/
sudo cp /etc/letsencrypt/live/dns.yourdomain.com/privkey.pem ~/adguard-home/certs/

# Set ownership and permissions
sudo chown $USER:$USER ~/adguard-home/certs/*
chmod 600 ~/adguard-home/certs/fullchain.pem
chmod 600 ~/adguard-home/certs/privkey.pem

Step 3: Docker Configuration

3.1 Create Docker Compose File

nano ~/adguard-home/docker-compose.yml

Initial Setup Configuration:

services:
  adguardhome:
    image: adguard/adguardhome:latest
    container_name: adguardhome
    restart: unless-stopped
    volumes:
      - ./work:/opt/adguardhome/work
      - ./conf:/opt/adguardhome/conf
      - ./certs:/opt/adguardhome/certs:ro
    ports:
      # HTTPS + DoH
      - "443:443/tcp"
      # DNS-over-TLS
      - "853:853/tcp"
      # Web UI (local access)
      - "127.0.0.1:8080:80/tcp"
      # Initial setup (remove after setup)
      - "127.0.0.1:3000:3000/tcp"

💡 Note: If you're behind a reverse proxy or on a private network, bind to your private IP instead of 0.0.0.0.

Example for private network (e.g., 10.0.0.5):

ports:
  - "10.0.0.5:443:443/tcp"
  - "10.0.0.5:853:853/tcp"
  - "127.0.0.1:8080:80/tcp"
  - "127.0.0.1:3000:3000/tcp"

3.2 Start Container

cd ~/adguard-home
docker compose pull
docker compose up -d

Verify:

docker ps | grep adguardhome
docker logs adguardhome

Step 4: Initial Setup

4.1 Access Setup Wizard

Option A: Direct access (only if you changed the port 3000 binding in docker-compose.yml from 127.0.0.1 to a public address)

Open http://YOUR_SERVER_IP:3000

Option B: SSH tunnel (recommended for security)

# On your local machine
ssh -L 3000:localhost:3000 user@your-server-ip

Then open http://localhost:3000

4.2 Complete Setup Wizard

  1. Welcome: Click "Get Started"
  2. Admin Web Interface:
    • Listen interface: All interfaces
    • Port: 80
  3. DNS Server:
    • Listen interface: All interfaces
    • Port: 53
  4. Authentication:
    • Create strong username and password
  5. Configure devices: Skip for now
  6. Open Dashboard

Step 5: Enable Encryption

This is the most important step for full encryption.

5.1 Access Encryption Settings

Navigate to: Settings → Encryption settings

5.2 Configure Encryption

Setting | Value
Enable encryption | ✅ Checked
Enable plain DNS | ✅ Keep checked (for now)
Server name | dns.yourdomain.com
Redirect to HTTPS automatically | ✅ Checked
HTTPS port | 443
DNS-over-TLS port | 853
DNS-over-QUIC port | (leave empty)

5.3 Configure Certificates

Setting | Value
Set a certificates file path | ✅ Selected
Certificates file path | /opt/adguardhome/certs/fullchain.pem
Private key file path | /opt/adguardhome/certs/privkey.pem

5.4 Save and Verify

Click "Save configuration"

You should see:

  • ✅ Certificate chain is valid
  • ✅ Subject: CN=dns.yourdomain.com
  • ✅ Issuer: Let's Encrypt
  • ✅ Valid private key

Step 6: Disable Plain DNS

⚠️ Important: You must have DNS-over-TLS port (853) configured before disabling plain DNS!

6.1 Disable Plain DNS

In Settings → Encryption settings:

  1. Verify DNS-over-TLS port is 853
  2. Uncheck "Enable plain DNS"
  3. Click "Save configuration"

If you get an error: Ensure DNS-over-TLS port 853 is set first.

6.2 Restart Container

docker restart adguardhome

6.3 Verify

# Plain DNS should NOT be listening (check both TCP and UDP, exact port 53)
sudo ss -tulnp | grep -E ':53[[:space:]]'
# Should return nothing

# DoH and DoT should be listening
sudo ss -tlnp | grep -E '(:443|:853)'

Step 7: Configure Upstream DNS

Set encrypted upstream DNS servers for maximum privacy.

7.1 Configure in UI

Navigate to: Settings → DNS settings

Upstream DNS servers:

https://1.1.1.1/dns-query
https://1.0.0.1/dns-query
https://dns.google/dns-query
https://dns.quad9.net/dns-query

Bootstrap DNS servers:

1.1.1.1
8.8.8.8
9.9.9.9

Click "Apply"

7.2 Alternative: Edit Config File

nano ~/adguard-home/conf/AdGuardHome.yaml

Find the dns: section:

dns:
  upstream_dns:
    - https://1.1.1.1/dns-query
    - https://1.0.0.1/dns-query
  bootstrap_dns:
    - 1.1.1.1
    - 8.8.8.8

Step 8: Certificate Auto-Renewal

8.1 Create Renewal Hook

sudo nano /etc/letsencrypt/renewal-hooks/deploy/adguard-certs.sh

Content:

#!/bin/bash
# Certbot deploy hook: copy the renewed certificate into the AdGuard Home
# certs directory and restart the container. Stops at the first failed step.
set -euo pipefail

# Configuration - UPDATE THESE VALUES
DOMAIN="dns.yourdomain.com"
ADGUARD_USER="your-username"
ADGUARD_CERTS="/home/${ADGUARD_USER}/adguard-home/certs"
LOGFILE="/var/log/adguard-cert-renewal.log"

echo "$(date): Starting certificate deployment for ${DOMAIN}" >> "$LOGFILE"

# Copy new certificates
cp "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" "${ADGUARD_CERTS}/"
cp "/etc/letsencrypt/live/${DOMAIN}/privkey.pem" "${ADGUARD_CERTS}/"

# Set ownership and permissions
chown "${ADGUARD_USER}:${ADGUARD_USER}" "${ADGUARD_CERTS}"/*
chmod 600 "${ADGUARD_CERTS}"/*

# Restart AdGuard Home
docker restart adguardhome

echo "$(date): Certificate deployment completed" >> "$LOGFILE"

⚠️ Update DOMAIN and ADGUARD_USER with your values!

8.2 Make Executable

sudo chmod +x /etc/letsencrypt/renewal-hooks/deploy/adguard-certs.sh

8.3 Test Renewal

sudo certbot renew --dry-run

Step 9: Finalize Production Configuration

9.1 Update Docker Compose

Remove the setup port:

services:
  adguardhome:
    image: adguard/adguardhome:latest
    container_name: adguardhome
    restart: unless-stopped
    volumes:
      - ./work:/opt/adguardhome/work
      - ./conf:/opt/adguardhome/conf
      - ./certs:/opt/adguardhome/certs:ro
    ports:
      # HTTPS + DoH
      - "443:443/tcp"
      # DNS-over-TLS
      - "853:853/tcp"
      # Web UI (local/tunnel access only)
      - "127.0.0.1:8080:80/tcp"

9.2 Recreate Container

cd ~/adguard-home
docker compose down
docker compose up -d

Reverse Proxy Configuration

If you're running AdGuard Home behind a reverse proxy, here are configurations for popular options.

Nginx

server {
    listen 443 ssl http2;
    server_name dns.yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/dns.yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dns.yourdomain.com/privkey.pem;

    location / {
        proxy_pass https://127.0.0.1:443;
        # The upstream certificate is not verified on this loopback hop
        proxy_ssl_verify off;
        proxy_ssl_server_name on;
        proxy_ssl_name dns.yourdomain.com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Traefik (Docker Labels)

labels:
  - "traefik.enable=true"
  - "traefik.http.routers.adguard.rule=Host(`dns.yourdomain.com`)"
  - "traefik.http.routers.adguard.entrypoints=https"
  - "traefik.http.routers.adguard.tls=true"
  - "traefik.http.routers.adguard.tls.certresolver=letsencrypt"
  - "traefik.http.services.adguard.loadbalancer.server.port=443"
  - "traefik.http.services.adguard.loadbalancer.server.scheme=https"

Caddy

dns.yourdomain.com {
    reverse_proxy https://127.0.0.1:443 {
        transport http {
            tls_insecure_skip_verify
            tls_server_name dns.yourdomain.com
        }
        header_up Host {host}
        header_up X-Real-IP {remote}
        header_up X-Forwarded-For {remote}
        header_up X-Forwarded-Proto {scheme}
    }
}

Pangolin

Setting | Value
Domain | dns.yourdomain.com
Target | YOUR_SERVER_IP:443
Protocol | https
Enable SSL to target | ✅ Yes
TLS Server Name (SNI) | dns.yourdomain.com

Client Configuration

DoH URL

https://dns.yourdomain.com/dns-query

Browser Configuration

Firefox

  1. Settings → Privacy & Security
  2. Scroll to "DNS over HTTPS"
  3. Select "Custom"
  4. Enter: https://dns.yourdomain.com/dns-query

Chrome / Edge

  1. Settings → Privacy and security → Security
  2. Enable "Use secure DNS"
  3. Select "Custom"
  4. Enter: https://dns.yourdomain.com/dns-query

Mobile Configuration

Android 9+

  1. Settings → Network & internet → Private DNS
  2. Select "Private DNS provider hostname"
  3. Enter: dns.yourdomain.com

iOS / macOS

Use a DNS profile generator:

Or create a .mobileconfig profile manually.

Testing DoH

DoH uses binary format (RFC 8484):

# Create DNS query
printf '\x00\x00\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01' > /tmp/dns.bin

# Test endpoint
curl -s -X POST "https://dns.yourdomain.com/dns-query" \
  -H "content-type: application/dns-message" \
  --data-binary @/tmp/dns.bin | xxd | head -5

Note: JSON format (?name=example.com&type=A) may return "Bad Request" - this is normal. Standard clients use binary format.
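
The fixed printf query above, generalized as an added example (not part of the original guide): it builds the RFC 8484 wire-format query for any name and record type, derives the base64url value for the GET form (?dns=...), and reads QR, RCODE and the answer count from a reply instead of eyeballing xxd output. The function names are illustrative and the sample reply is constructed.

```shell
#!/bin/sh
# Added example (not from the guide): RFC 8484 query builder and reply check.

# Write a wire-format DNS query to stdout: ID 0, RD set, one question, class IN.
# $1 = domain name, $2 = numeric record type (default 1 = A, 28 = AAAA)
doh_query() (
    LC_ALL=C; export LC_ALL          # make ${#label} count bytes
    qtype=${2:-1}
    printf '\000\000\001\000\000\001\000\000\000\000\000\000'
    IFS=.; set -f                    # split the name on dots, no globbing
    for label in $1; do
        [ -n "$label" ] || continue
        [ "${#label}" -le 63 ] || { echo "label too long: $label" >&2; exit 1; }
        printf "\\$(printf '%03o' "${#label}")"   # length octet
        printf '%s' "$label"
    done
    # Root label, then QTYPE and QCLASS (IN) as 16-bit big-endian values
    printf "\\000\\$(printf '%03o' $((qtype / 256)))\\$(printf '%03o' $((qtype % 256)))\\000\\001"
)

# Hex-encode stdin (-v keeps repeated lines from being collapsed).
to_hex() { od -An -v -tx1 | tr -d ' \n'; }

# Value for the GET form: https://dns.yourdomain.com/dns-query?dns=<value>
doh_get_param() { doh_query "$@" | base64 | tr -d '=\n' | tr '+/' '-_'; }

# Read a DNS message on stdin and print "qr=<0|1> rcode=<n> answers=<n>".
doh_summary() {
    set -- $(od -An -v -tu1 -N12)
    [ $# -eq 12 ] || { echo "reply shorter than a DNS header" >&2; return 1; }
    echo "qr=$(( $3 / 128 )) rcode=$(( $4 % 16 )) answers=$(( $7 * 256 + $8 ))"
}

# Constructed sample: header of a NOERROR response carrying one answer.
sample_reply() { printf '\000\000\201\200\000\001\000\001\000\000\000\000'; }

doh_query example.com | to_hex; echo
doh_get_param example.com; echo
sample_reply | doh_summary

# Against the live endpoint (needs network):
# doh_query example.com | curl -sf -H 'content-type: application/dns-message' \
#     --data-binary @- https://dns.yourdomain.com/dns-query | doh_summary
```

A healthy endpoint reports qr=1 rcode=0 with at least one answer for a name that resolves.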


UniFi DNS Shield Setup

If you're using UniFi network equipment, you can configure DNS Shield to use your DoH server.

Generate DNS Stamp

Go to: https://dnscrypt.info/stamps/

Field | Value
Protocol | DNS-over-HTTPS
Host name | dns.yourdomain.com
Path | /dns-query
No logs | ✅ Checked

Copy the generated sdns://... stamp.

Configure UniFi

  1. UniFi Network Console → Settings → Security → DNS Shield
  2. Enable DNS Shield
  3. Select Custom
  4. Enter:
    • Server Name: yourdomain-dns (no dots allowed)
    • DNS Stamp: sdns://... (paste your stamp)
  5. Apply Changes

Block Other DoH/DoT

Prevent devices from bypassing your DNS:

  1. Settings → Security → Traffic & Firewall Rules
  2. Create rule:
    • Action: Block
    • Type: App
    • App: DNS over HTTPS, DNS over TLS
    • Source: Your networks

Security Hardening

Firewall Configuration

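# Allow only necessary traffic
# Note: ports published by Docker are opened through Docker's own iptables
# rules and are not filtered by ufw; limit their exposure with the bind
# address in docker-compose.yml.
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 443/tcp  # DoH
sudo ufw allow 853/tcp  # DoT
sudo ufw enable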

IP Whitelist (Optional)

If using a reverse proxy like Pangolin, you can restrict access:

Priority | Action | Match Type | Value
1 | Allow | IP | Your home IP
2 | Allow | IP | Your office IP
3 | Block | IP Range | 0.0.0.0/0

Trusted Proxies

If behind a reverse proxy, add to the dns: section of AdGuardHome.yaml:

dns:
  trusted_proxies:
    - 127.0.0.0/8
    - 10.0.0.0/8
    - 172.16.0.0/12
    - 192.168.0.0/16

Maintenance

View Logs

docker logs -f adguardhome

Update AdGuard Home

cd ~/adguard-home
docker compose pull
docker compose up -d

Backup Configuration

# Archive with a path relative to $HOME so the restore command below puts it back in place
tar -czvf ~/adguard-backup-$(date +%Y%m%d).tar.gz -C ~ adguard-home/conf

Restore Configuration

tar -xzvf ~/adguard-backup-YYYYMMDD.tar.gz -C ~/
docker restart adguardhome

Check Certificate Expiry

sudo certbot certificates

Force Certificate Renewal

sudo certbot renew --force-renewal

Access Web UI

# Via SSH tunnel
ssh -L 8080:localhost:8080 user@your-server
# Then open http://localhost:8080

Troubleshooting

Common Issues

Issue | Cause | Solution
Certbot parsing error | Wrong cloudflare.ini format | Single line: dns_cloudflare_api_token = TOKEN (no quotes)
DNS challenge fails | Propagation too slow | Increase --dns-cloudflare-propagation-seconds to 120
Certificate permission denied | Wrong file permissions | chmod 600 on both cert files
"Disabling plain DNS requires encrypted protocol" | DoT port not set | Set DNS-over-TLS port to 853 first
DoH returns "Bad Request" | JSON format not supported | Use binary format - this is normal
Can't access web UI | Port not exposed | Add 127.0.0.1:8080:80 to docker-compose

Debug Commands

# Check container status
docker ps | grep adguardhome

# View logs
docker logs adguardhome 2>&1 | tail -50

# Check listening ports
sudo ss -tlnp | grep -E '(:443|:853|:8080)'

# Test certificate
openssl x509 -in ~/adguard-home/certs/fullchain.pem -noout -text | head -30

# Test HTTPS locally
curl -k -v https://localhost:443

Log Locations

Log | Location
AdGuard Home | docker logs adguardhome
Certbot | /var/log/letsencrypt/letsencrypt.log
Renewal Hook | /var/log/adguard-cert-renewal.log

Security Checklist

Before going live, verify:

  • Plain DNS (port 53) is disabled
  • DoH (port 443) is working
  • DoT (port 853) is working
  • Valid SSL certificates installed
  • Certificate auto-renewal configured
  • Strong admin password set
  • Firewall configured
  • Web UI only accessible via SSH tunnel or whitelist
  • Upstream DNS uses encrypted protocols
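
The port-related checklist items can be checked mechanically. The following added example (not part of the original guide) classifies `ss -H -tuln` output against the guide's port table and treats a loopback-only listener on port 53, such as the systemd-resolved stub on 127.0.0.53, as informational rather than as exposed plain DNS. The function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): audit host listeners against the
# guide's port table. Input is `ss -H -tuln` output on stdin.

# Prints one finding per line; returns non-zero if any FAIL is reported.
audit_listeners() {
    awk '
    function loopback(a) { return a ~ /^127\./ || a == "[::1]" }
    {
        # Column 5 is local address:port; the port is the last ":" field
        n = split($5, part, ":"); port = part[n]
        addr = substr($5, 1, length($5) - length(port) - 1)
        if (port == 53 && !loopback(addr)) {
            print "FAIL plain DNS exposed on " $1 " " $5; bad = 1
        } else if (port == 53) {
            print "INFO loopback-only resolver on " $1 " " $5
        } else if ((port == 8080 || port == 3000) && !loopback(addr)) {
            print "FAIL admin port exposed on " $5; bad = 1
        } else if (port == 3000) {
            print "WARN setup port still published on " $5
        }
        if ($1 == "tcp" && (port == 443 || port == 853)) seen[port] = 1
    }
    END {
        if (!(443 in seen)) { print "FAIL nothing listening on 443/tcp (DoH)"; bad = 1 }
        if (!(853 in seen)) { print "FAIL nothing listening on 853/tcp (DoT)"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: plain DNS and the setup port reachable, DoT missing.
sample_ss_before() {
    cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      4096         0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      4096         0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      4096         0.0.0.0:3000       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
EOF
}

# Constructed sample: the end state the guide describes, on a host that also
# runs a loopback-only stub resolver.
sample_ss_hardened() {
    cat <<'EOF'
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      4096         0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      4096            [::]:853           [::]:*
tcp   LISTEN 0      4096       127.0.0.1:8080       0.0.0.0:*
EOF
}

sample_ss_before | audit_listeners || echo "audit: findings above must be fixed"
sample_ss_hardened | audit_listeners && echo "audit: passed"

# On the server: sudo ss -H -tuln | audit_listeners
```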

Contributing

Contributions are welcome! Please:

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Submit a pull request

License

This guide is released under the MIT License. See LICENSE for details.


Thanks to Open Source

This guide and setup would not be possible without the incredible work of these open source projects and organizations. We are deeply grateful for their contributions to the community.


AdGuard Home

AdGuard Home is a network-wide software for blocking ads and tracking. It operates as a DNS server that re-routes tracking domains to a "black hole", thus preventing your devices from connecting to those servers.

GitHub | github.com/AdguardTeam/AdGuardHome
Website | adguard.com/adguard-home
License | GPL-3.0

Why we love it:

  • Free and open source
  • Network-wide ad blocking
  • DNS-over-HTTPS, DNS-over-TLS, DNS-over-QUIC support
  • Beautiful web interface
  • Active development and community
  • Privacy-focused

Pangolin

Pangolin is a self-hosted tunneled reverse proxy with identity-aware access control, designed to securely expose private resources through encrypted tunnels without opening ports on your firewall.

GitHub | github.com/fosrl/pangolin
Website | pangolin.dev
License | MIT

Why we love it:

  • Self-hosted Cloudflare Tunnel alternative
  • No need to open ports on your firewall
  • Built-in identity-aware access control
  • IP whitelisting and authentication
  • Beautiful dashboard
  • Active development

Docker

Docker is a platform for developing, shipping, and running applications in containers. It enables developers to package applications with all dependencies into standardized units.

GitHub | github.com/docker
Website | docker.com
License | Apache-2.0

Why we love it:

  • Simplifies deployment
  • Consistent environments
  • Easy updates and rollbacks
  • Huge ecosystem
  • Industry standard

Let's Encrypt

Let's Encrypt is a free, automated, and open Certificate Authority, run for the public's benefit by the Internet Security Research Group (ISRG).

GitHub | github.com/letsencrypt
Website | letsencrypt.org
Operated by | Internet Security Research Group (ISRG)

Why we love it:

  • Free SSL certificates for everyone
  • Automated certificate issuance and renewal
  • Made HTTPS accessible to all
  • Non-profit organization
  • Secured billions of websites

Cloudflare

Cloudflare provides content delivery network services, cloud cybersecurity, DDoS mitigation, and ICANN-accredited domain registration services.

Website | cloudflare.com
DNS | 1.1.1.1

Why we love it:

  • Free DNS with privacy focus (1.1.1.1)
  • DNS-over-HTTPS support
  • Excellent API for automation
  • Free tier for personal projects
  • Transparent security practices

Other Projects We Appreciate

Project | Description | Link
Certbot | EFF's tool for obtaining Let's Encrypt certificates | certbot.eff.org
Traefik | Modern reverse proxy and load balancer | traefik.io
Nginx | High-performance web server and reverse proxy | nginx.org
Caddy | Web server with automatic HTTPS | caddyserver.com

A Note on Open Source

Open source software is the backbone of the modern internet. These projects, maintained by dedicated individuals and organizations, often without direct compensation, make secure and private internet access possible for everyone.

If you benefit from these projects, consider:

  • ⭐ Starring their repositories on GitHub
  • 💰 Donating to support development
  • 🐛 Reporting bugs and issues
  • 📖 Contributing documentation or code
  • 📣 Spreading the word about their projects

"Open source is not about code. It's about people."


Support

If this guide helped you, consider:

  • ⭐ Starring the repository
  • 🐛 Reporting issues
  • 📖 Improving documentation
  • 🔀 Submitting pull requests

Happy secure DNS browsing! 🔒
