Ubuntu 22.04

BIND : DNS over HTTPS Client Settings : Ubuntu
2022/04/26

Configure an Ubuntu client to use your DNS over HTTPS server.
Install dnscrypt-proxy.
[1] Before that, get the DNS Stamp from the following site; the dnscrypt-proxy settings need it.
⇒ https://dnscrypt.info/stamps/
Select or enter values as follows, then note the [sdns://***] value shown in the [Stamp] section.
* Protocol : DNS-over-HTTPS (DoH)
* IP Address : your DNS-over-HTTPS server's IP address
* Host Name : your DNS-over-HTTPS server's hostname
* Path : the value for [endpoints] that you set on your DNS-over-HTTPS server settings
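As an added example (not part of the original page or of dnscrypt-proxy), the following Python code decodes a DoH stamp so you can confirm it carries the IP address, hostname and path you entered before pasting it into dnscrypt-proxy.toml. It uses the stamp from this page's configuration in [2]; the helper names and the expected values passed to check_stamp are assumptions standing in for what was typed into the stamp calculator.

```python
import base64
import struct

FLAGS = ("dnssec", "no_logs", "no_filter")  # props bits 0..2

def _lp(buf, pos, vlp=False):
    """Read one length-prefixed field -> (data, next_pos, more_follow)."""
    if pos >= len(buf):
        raise ValueError("truncated stamp")
    n = buf[pos]
    more = vlp and bool(n & 0x80)   # in a set, the high bit means "more items"
    if vlp:
        n &= 0x7F
    end = pos + 1 + n
    if end > len(buf):
        raise ValueError("truncated stamp")
    return buf[pos + 1:end], end, more

def decode_doh_stamp(stamp):
    """Decode an sdns:// stamp of type 0x02 (DNS-over-HTTPS)."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 9 or raw[0] != 0x02:
        raise ValueError("not a DoH stamp")
    (props,) = struct.unpack_from("<Q", raw, 1)   # 64-bit little-endian flags
    addr, pos, _ = _lp(raw, 9)
    hashes, more = [], True
    while more:                                   # pinned certificate hashes
        h, pos, more = _lp(raw, pos, vlp=True)
        if h:
            hashes.append(h.hex())
    host, pos, _ = _lp(raw, pos)
    path, pos, _ = _lp(raw, pos)
    return {"addr": addr.decode(), "host": host.decode(), "path": path.decode(),
            "hashes": hashes,
            "props": {f: bool(props >> i & 1) for i, f in enumerate(FLAGS)}}

def check_stamp(stamp, addr, host, path):
    """Return the fields that differ from what was typed into the calculator."""
    got = decode_doh_stamp(stamp)
    want = {"addr": addr, "host": host, "path": path}
    return {k: (got[k], v) for k, v in want.items() if got[k] != v}

# Stamp taken from this page's dnscrypt-proxy.toml example.
PAGE_STAMP = "sdns://AgcAAAAAAAAACTEwLjAuMC4zMAANZGxwLnNydi53b3JsZAovZG5zLXF1ZXJ5"

if __name__ == "__main__":
    print(decode_doh_stamp(PAGE_STAMP))
    # Expected values are assumptions for the fields entered in the calculator.
    print(check_stamp(PAGE_STAMP, "10.0.0.30", "dlp.srv.world", "/dns-query"))
```

The stamp on this page decodes with an empty hash list, so no certificate is pinned and the connection relies on ordinary TLS validation of the hostname.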
[2] Configure Ubuntu Client to refer to your DoH server.
apt -y install dnscrypt-proxy
vi /etc/dnscrypt-proxy/dnscrypt-proxy.toml
# Empty listen_addresses to use systemd socket activation
listen_addresses = []
# change to your DoH server
server_names = ['dlp.srv.world']

[query_log]
  file = '/var/log/dnscrypt-proxy/query.log'

[nx_log]
  file = '/var/log/dnscrypt-proxy/nx.log'

# comment out all
#[sources]
#  [sources.'public-resolvers']
#  url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
#  cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
#  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
#  refresh_delay = 72
#  prefix = ''

# add the following
# set [stamp] to the Stamp value you noted in [1]; the entry name must match server_names
[static]
  [static.'dlp.srv.world']
  stamp = 'sdns://AgcAAAAAAAAACTEwLjAuMC4zMAANZGxwLnNydi53b3JsZAovZG5zLXF1ZXJ5'

systemctl restart dnscrypt-proxy
vi /etc/netplan/01-netcfg.yaml
# change to the IP address that dnscrypt-proxy listens on

        addresses: []

netplan apply
# verify resolution

dig www.srv.world.

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> www.srv.world.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35021
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 65494
;www.srv.world.                 IN      A

www.srv.world.          86373   IN      A

;; Query time: 0 msec
;; WHEN: Sat Nov 26 11:22:22 JST 2022
;; MSG SIZE  rcvd: 58

BIND : DNS over HTTPS Client Settings : Windows
Configure Windows Client to refer to your DNS over HTTPS Server. This example is based on Windows 11.
[3] Run PowerShell with admin privileges and execute the command [Get-DNSClientDohServerAddress]; the known DoH (DNS over HTTPS) servers are listed. To use your own DoH server, you need to add it to this list.
[4] Add your DoH server.
Run the command as follows.
PS > Add-DnsClientDohServerAddress -ServerAddress '(IP address of the DoH server)' -DohTemplate '(HTTP query endpoint)' -AllowFallbackToUdp $False -AutoUpgrade $True
[HTTP query endpoint] ⇒ https://(your DNS server's hostname)/(the value of [endpoints] in named.conf)
After adding your DoH server, check the known list again.
[5] Change DNS settings. Open the Network setting and click the [Edit] button on [DNS server assignment] section.
[6] Input your DNS server's IP address. If the IP address you entered exists in the known DoH server list, you can choose an option in the [Preferred DNS encryption] list. Select [Encrypted only (DNS over HTTPS)] and click the [Save] button. That's OK.
[7] After setting your DoH server, verify Name and Address Resolution.