Ubuntu 22.04
Sponsored Link

BIND : DNS over HTTPS Client Settings : Ubuntu
2022/04/26
 
Configure Ubuntu Client to refer to your DNS over HTTPS Server.
[1]
Install dnscrypt-proxy.
Before it, make sure the DNS Stamp on the following site, it needs on dnscrypt-proxy settings.
⇒ https://dnscrypt.info/stamps/
Select or Input like follows. Then note the value [sdns://***] on [Stamp] section.
* Protocol : DNS-over-HTTPS (DoH)
* IP Address : your DNS-over-HTTPS server's IP address
* Host Name : your DNS-over-HTTPS server's hostname
* Path : the value for [endpoints] that you set on your DNS-over-HTTPS server settings
[2] Configure Ubuntu Client to refer to your DoH server.
root@node01:~#
apt -y install dnscrypt-proxy
root@node01:~#
vi /etc/dnscrypt-proxy/dnscrypt-proxy.toml
# Empty listen_addresses to use systemd socket activation
listen_addresses = []
# change to your DoH server
server_names = ['dlp.srv.world']

[query_log]
  file = '/var/log/dnscrypt-proxy/query.log'

[nx_log]
  file = '/var/log/dnscrypt-proxy/nx.log'

# comment out all
#[sources]
#  [sources.'public-resolvers']
#  url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
#  cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
#  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
#  refresh_delay = 72
#  prefix = ''

# add follows
# set the Stamp value on [stamp] section that you made sure on [1]
[static]
  [static.'dlp.srv.world']
  stamp = 'sdns://AgcAAAAAAAAACTEwLjAuMC4zMAANZGxwLnNydi53b3JsZAovZG5zLXF1ZXJ5'

root@node01:~#
systemctl restart dnscrypt-proxy
root@node01:~#
vi /etc/netplan/01-netcfg.yaml
# change to the IP address that dnscrypt-proxy listens

    nameservers:
        addresses: [127.0.2.1]

root@node01:~#
netplan apply
# verify resolution

root@node01:~#
dig www.srv.world.


; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> www.srv.world.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35021
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.srv.world.                 IN      A

;; ANSWER SECTION:
www.srv.world.          86373   IN      A       10.0.0.31

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Sat Nov 26 11:22:22 JST 2022
;; MSG SIZE  rcvd: 58

BIND : DNS over HTTPS Client Settings : Windows
 
Configure Windows Client to refer to your DNS over HTTPS Server. This example is based on Windows 11.
[3] Run Powertshell with admin privilege and execute command [Get-DNSClientDohServerAddress], then known DoH (DNS over HTTPS) servers are listed like follows. It needs to add your DoH server in it to use your DoH server.
[4]
Add your DoH server.
Run the command like follows.
PS > Add-DnsClientDohServerAddress -ServerAddress '(DoH server's IP address)' -DohTemplate '(HTTP query endpoint)' -AllowFallbackToUdp $False -AutoUpgrade $True
[HTTP query endpoint] ⇒ https://(your DNS server's hostname)/(the value of [endpoints] in named.conf)
After adding your DoH server, make sure the known list again.
[5] Change DNS settings. Open the Network setting and click the [Edit] button on [DNS server assignment] section.
[6] Input your DNS server's IP address. Then inputted IP address exists in the known DoH server list, it's possible to select on [Preferred DNS encryption] list. Select [Encrypted only (DNS over HTTPS)] and click [Save] button. That's OK.
[7] After setting your DoH server, verify Name and Address Resolution.
Matched Content