Debian 12 bookworm

BIND : DNS over HTTPS Client Settings : Debian (2023/06/15)

Configure a Debian client to use your DNS over HTTPS server.
[1] Install dnscrypt-proxy.
Before installing it, check the DNS Stamp on the following site; the dnscrypt-proxy settings require it.
Select or enter values as follows, then note the [sdns://***] value shown in the [Stamp] section.
* Protocol : DNS-over-HTTPS (DoH)
* IP Address : your DNS-over-HTTPS server's IP address
* Host Name : your DNS-over-HTTPS server's hostname
* Path : the value for [endpoints] that you set on your DNS-over-HTTPS server settings
[2] Configure Debian Client to refer to your DoH server.
echo 'deb testing main' >> /etc/apt/sources.list

apt update

apt -y install dnscrypt-proxy
vi /etc/dnscrypt-proxy/dnscrypt-proxy.toml
# Empty listen_addresses to use systemd socket activation
listen_addresses = []
# change to your DoH server
server_names = ['']

[query_log]
  file = '/var/log/dnscrypt-proxy/query.log'

[nx_log]
  file = '/var/log/dnscrypt-proxy/nx.log'

# comment out all
#  [sources.'public-resolvers']
#  url = ''
#  cache_file = '/var/cache/dnscrypt-proxy/'
#  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
#  refresh_delay = 72
#  prefix = ''

# add the following
# set the value from the [Stamp] section that you noted in [1]
# the entry name under [static] must be the same name set in server_names
[static]
  [static.'']
  stamp = 'sdns://AgcAAAAAAAAACTEwLjAuMC4zMAANZGxwLnNydi53b3JsZAovZG5zLXF1ZXJ5'

systemctl restart dnscrypt-proxy
vi /etc/resolv.conf
# change to the IP address that dnscrypt-proxy listens on


# * if you are using resolvconf or NetworkManager,
# change the nameserver setting in the file those programs require instead

# verify resolution


; <<>> DiG 9.18.12-1-Debian <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55046
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 1232
;                 IN      A

;; ANSWER SECTION:          86397   IN      A

;; Query time: 0 msec
;; WHEN: Wed Jun 14 21:29:45 CDT 2023
;; MSG SIZE  rcvd: 58
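
An added example, not part of the original page: the Python code below decodes a DoH stamp such as the one set in dnscrypt-proxy.toml above, so you can confirm which IP address, hostname and path a stamp points to, and whether it pins a certificate hash, before trusting it in a client configuration. It assumes the public DNS Stamps layout for DoH (protocol byte 0x02); the function names are illustrative.

```python
import base64

# Stamp copied from the dnscrypt-proxy.toml excerpt on this page.
PAGE_STAMP = "sdns://AgcAAAAAAAAACTEwLjAuMC4zMAANZGxwLnNydi53b3JsZAovZG5zLXF1ZXJ5"
PROP_FLAGS = {0x01: "DNSSEC", 0x02: "no-logs", 0x04: "no-filter"}

def read_lp(buf, pos):
    """Read one length-prefixed field; return (bytes, next position)."""
    if pos >= len(buf) or pos + 1 + buf[pos] > len(buf):
        raise ValueError("truncated stamp")
    end = pos + 1 + buf[pos]
    return buf[pos + 1:end], end

def read_vlp(buf, pos):
    """Read a set of fields; a set high bit in the length means more follow."""
    items, more = [], True
    while more:
        if pos >= len(buf):
            raise ValueError("truncated stamp")
        more = bool(buf[pos] & 0x80)
        end = pos + 1 + (buf[pos] & 0x7F)
        if end > len(buf):
            raise ValueError("truncated stamp")
        if end > pos + 1:          # a single 0x00 byte encodes the empty set
            items.append(buf[pos + 1:end])
        pos = end
    return items, pos

def decode_doh_stamp(stamp):
    """Decode a DoH stamp into the fields entered when it was generated."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 9 or raw[0] != 0x02:
        raise ValueError("not a DNS-over-HTTPS (0x02) stamp")
    props = int.from_bytes(raw[1:9], "little")
    addr, pos = read_lp(raw, 9)
    hashes, pos = read_vlp(raw, pos)   # SHA-256 digests of pinned TBS certificates
    host, pos = read_lp(raw, pos)
    path, pos = read_lp(raw, pos)      # optional bootstrap IPs after this are ignored
    return {
        "props": [name for bit, name in PROP_FLAGS.items() if props & bit],
        "addr": addr.decode(),
        "cert_hashes": [h.hex() for h in hashes],
        "host": host.decode(),
        "path": path.decode(),
    }

if __name__ == "__main__":
    for field, value in decode_doh_stamp(PAGE_STAMP).items():
        print(f"{field:12} {value}")
```

An empty cert_hashes list means the stamp carries no certificate pin, so the decoded hostname and path are what the client's TLS connection will be checked against.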

BIND : DNS over HTTPS Client Settings : Windows
Configure Windows Client to refer to your DNS over HTTPS Server. This example is based on Windows 11.
[3] Open the Network settings and click the [Edit] button in the [DNS server assignment] section. Next, enter your DoH server address in the [Preferred DNS] field. For [DNS over HTTPS], select [On (manual template)], and for [DNS over HTTPS template], enter the value of [endpoints] that you set in named.conf.
[4] After setting your DoH server, verify Name and Address Resolution.