Fedora 40
Sponsored Link

BIND : DNS over HTTPS Client Settings : Fedora2024/04/25

 
Configure Fedora Client to refer to your DNS over HTTPS Server.
[1]
Install dnscrypt-proxy.
Before it, make sure the DNS Stamp on the following site, it needs on dnscrypt-proxy settings.
⇒ https://dnscrypt.info/stamps/
Select or Input like follows. Then note the value [sdns://***] on [Stamp] section.
* Protocol : DNS-over-HTTPS (DoH)
* IP Address : your DNS-over-HTTPS server's IP address
* Host Name : your DNS-over-HTTPS server's hostname
* Path : the value for [endpoints] that you set on your DNS-over-HTTPS server settings
[2] Configure Fedora Client to refer to your DoH server.
[root@node01 ~]#
dnf -y install dnscrypt-proxy
[root@node01 ~]#
mv /etc/dnscrypt-proxy/dnscrypt-proxy.toml /etc/dnscrypt-proxy/dnscrypt-proxy.toml.org

[root@node01 ~]#
vi /etc/dnscrypt-proxy/dnscrypt-proxy.toml
# create new

listen_addresses = ['127.0.0.1:53']
ipv4_servers = true
ipv6_servers = false
dnscrypt_servers = false
doh_servers = true
odoh_servers = false
require_dnssec = false
max_clients = 250
keepalive = 30
use_syslog = true
log_files_max_size = 10
log_files_max_age = 7
log_files_max_backups = 1
reject_ttl = 10
cache = true
cache_size = 4096
cache_min_ttl = 2400
cache_max_ttl = 86400
cache_neg_min_ttl = 60
cache_neg_max_ttl = 600

# your DoH server
server_names = ['dlp.srv.world']

[query_log]
  file = '/var/log/dnscrypt-proxy/query.log'

[nx_log]
  file = '/var/log/dnscrypt-proxy/nx.log'

# set the Stamp value on [stamp] section that you made sure on [1]
[static]
  [static.'dlp.srv.world']
  stamp = 'sdns://AgcAAAAAAAAACTEwLjAuMC4zMAANZGxwLnNydi53b3JsZAovZG5zLXF1ZXJ5'

[root@node01 ~]#
mkdir /var/log/dnscrypt-proxy

[root@node01 ~]#
systemctl enable --now dnscrypt-proxy
# change DNS to the IP address that dnscrypt-proxy listens

[root@node01 ~]#
nmcli connection modify enp1s0 ipv4.dns 127.0.0.1

[root@node01 ~]#
nmcli connection up enp1s0
# verify resolution

[root@node01 ~]#
dig www.srv.world.


; <<>> DiG 9.18.24 <<>> www.srv.world.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39342
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.srv.world.                 IN      A

;; ANSWER SECTION:
www.srv.world.          86400   IN      A       10.0.0.31

;; Query time: 2 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu Apr 25 13:22:44 JST 2024
;; MSG SIZE  rcvd: 58

BIND : DNS over HTTPS Client Settings : Windows
 
Configure Windows Client to refer to your DNS over HTTPS Server. This example is based on Windows 11.
[3] Open the Network setting and click the [Edit] button on [DNS server assignment] section. Next, Input your DoH Server address on the [Preferred DNS] section. For [DNS over HTTPS] section, select [On (manual template)] and For [DNS over HTTPS template] section, input the value of [endpoints] in named.conf you set.
[4] After setting your DoH server, verify Name and Address Resolution.
Matched Content