Fedora 37

BIND : DNS over HTTPS Client Settings : Fedora
2022/11/18

Configure a Fedora client to use your DNS over HTTPS server by installing dnscrypt-proxy.
[1] Before installing it, get the DNS Stamp from the following site; the dnscrypt-proxy settings need it.
⇒ https://dnscrypt.info/stamps/
Select or enter values as follows, then note the value [sdns://***] shown in the [Stamp] section.
* Protocol : DNS-over-HTTPS (DoH)
* IP Address : your DNS-over-HTTPS server's IP address
* Host Name : your DNS-over-HTTPS server's hostname
* Path : the value for [endpoints] that you set on your DNS-over-HTTPS server settings
[2] Configure Fedora Client to refer to your DoH server.
[root@node01 ~]# dnf -y install dnscrypt-proxy
[root@node01 ~]# mv /etc/dnscrypt-proxy/dnscrypt-proxy.toml /etc/dnscrypt-proxy/dnscrypt-proxy.toml.org
[root@node01 ~]# vi /etc/dnscrypt-proxy/dnscrypt-proxy.toml
# create new

listen_addresses = ['']
ipv4_servers = true
ipv6_servers = false
dnscrypt_servers = false
doh_servers = true
odoh_servers = false
require_dnssec = false
max_clients = 250
keepalive = 30
use_syslog = true
log_files_max_size = 10
log_files_max_age = 7
log_files_max_backups = 1
reject_ttl = 10
cache = true
cache_size = 4096
cache_min_ttl = 2400
cache_max_ttl = 86400
cache_neg_min_ttl = 60
cache_neg_max_ttl = 600

# your DoH server
server_names = ['dlp.srv.world']

[query_log]
  file = '/var/log/dnscrypt-proxy/query.log'

[nx_log]
  file = '/var/log/dnscrypt-proxy/nx.log'

# set the value of the [Stamp] section that you noted in [1]
[static]
  [static.'dlp.srv.world']
  stamp = 'sdns://AgcAAAAAAAAACTEwLjAuMC4zMAANZGxwLnNydi53b3JsZAovZG5zLXF1ZXJ5'

[root@node01 ~]# systemctl enable --now dnscrypt-proxy

# change DNS to the IP address that dnscrypt-proxy listens on
[root@node01 ~]# nmcli connection modify enp1s0 ipv4.dns
[root@node01 ~]# nmcli connection up enp1s0

# verify resolution
[root@node01 ~]# dig www.srv.world.

; <<>> DiG 9.18.8 <<>> www.srv.world.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21374
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 65494
;www.srv.world.                 IN      A

www.srv.world.          86400   IN      A

;; Query time: 0 msec
;; WHEN: Sat Nov 26 12:51:36 JST 2022
;; MSG SIZE  rcvd: 58
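
To check what a stamp actually encodes before pasting it into dnscrypt-proxy.toml, the following added example (not part of the original page and not dnscrypt-proxy code) decodes a DoH stamp according to the DNS Stamps layout and runs it on the stamp from [2]. The function and variable names are hypothetical.

```python
import base64
import struct

# Property bits of the 64-bit little-endian props field in a DNS stamp.
PROPS = {0x01: "DNSSEC", 0x02: "no-logs", 0x04: "no-filter"}

def _lp(buf, pos, mask=0xFF):
    """Read one length-prefixed field; return (value, next position)."""
    if pos >= len(buf):
        raise ValueError("truncated stamp")
    end = pos + 1 + (buf[pos] & mask)
    if end > len(buf):
        raise ValueError("truncated stamp")
    return buf[pos + 1:end], end

def _vlp(buf, pos):
    """Read a set of fields; a length byte with the high bit set means more follow."""
    items = []
    while True:
        more = pos < len(buf) and buf[pos] & 0x80
        item, pos = _lp(buf, pos, 0x7F)
        if item:
            items.append(item.hex())
        if not more:
            return items, pos

def decode_doh_stamp(stamp):
    """Decode an sdns:// stamp whose protocol byte is 0x02 (DNS-over-HTTPS)."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    body = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if len(raw) < 9 or raw[0] != 0x02:
        raise ValueError("not a DoH stamp")
    (bits,) = struct.unpack_from("<Q", raw, 1)
    addr, pos = _lp(raw, 9)
    hashes, pos = _vlp(raw, pos)  # certificate hashes pinned by the stamp, if any
    host, pos = _lp(raw, pos)
    path, pos = _lp(raw, pos)
    return {"props": [name for bit, name in PROPS.items() if bits & bit],
            "addr": addr.decode(), "cert_hashes": hashes,
            "host": host.decode(), "path": path.decode()}

# Stamp taken from the dnscrypt-proxy.toml shown on this page.
PAGE_STAMP = "sdns://AgcAAAAAAAAACTEwLjAuMC4zMAANZGxwLnNydi53b3JsZAovZG5zLXF1ZXJ5"

if __name__ == "__main__":
    for key, value in decode_doh_stamp(PAGE_STAMP).items():
        print(f"{key}: {value}")
```

The decoded address, host name and path should match what was entered in [1]. An empty cert_hashes list means the stamp pins no certificate, so the client relies on ordinary TLS certificate validation for the host name.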

BIND : DNS over HTTPS Client Settings : Windows
Configure a Windows client to use your DNS over HTTPS server. This example is based on Windows 11.
[3] Run PowerShell with admin privileges and execute the command [Get-DNSClientDohServerAddress]; the known DoH (DNS over HTTPS) servers are listed. To use your own DoH server, it must be added to this list.
[4] Add your DoH server.
Run the command as follows.
PS > Add-DnsClientDohServerAddress -ServerAddress '(DoH server's IP address)' -DohTemplate '(HTTP query endpoint)' -AllowFallbackToUdp $False -AutoUpgrade $True
[HTTP query endpoint] ⇒ https://(your DNS server's hostname)/(the value of [endpoints] in named.conf)
After adding your DoH server, check the known list again.
[5] Change the DNS settings. Open the Network settings and click the [Edit] button in the [DNS server assignment] section.
[6] Enter your DNS server's IP address. If the entered IP address exists in the known DoH server list, an option can be selected in the [Preferred DNS encryption] list. Select [Encrypted only (DNS over HTTPS)] and click the [Save] button.
[7] After setting your DoH server, verify name and address resolution.