BIND : DNS over HTTPS Client Settings : Fedora
2024/04/25
Configure Fedora Client to refer to your DNS over HTTPS Server.
[1] Install dnscrypt-proxy.
Before installing it, obtain the DNS Stamp from the following site; the dnscrypt-proxy settings require it.
⇒ https://dnscrypt.info/stamps/
Select or enter the values as follows, then note the value [sdns://***] shown in the [Stamp] section.
* Protocol : DNS-over-HTTPS (DoH)
* IP Address : your DNS-over-HTTPS server's IP address
* Host Name : your DNS-over-HTTPS server's hostname
* Path : the value for [endpoints] that you set on your DNS-over-HTTPS server settings
[2] Configure Fedora Client to refer to your DoH server.
[root@node01 ~]# dnf -y install dnscrypt-proxy
[root@node01 ~]# mv /etc/dnscrypt-proxy/dnscrypt-proxy.toml /etc/dnscrypt-proxy/dnscrypt-proxy.toml.org
[root@node01 ~]# vi /etc/dnscrypt-proxy/dnscrypt-proxy.toml
# create new
listen_addresses = ['127.0.0.1:53']
ipv4_servers = true
ipv6_servers = false
dnscrypt_servers = false
doh_servers = true
odoh_servers = false
require_dnssec = false
max_clients = 250
keepalive = 30
use_syslog = true
log_files_max_size = 10
log_files_max_age = 7
log_files_max_backups = 1
reject_ttl = 10
cache = true
cache_size = 4096
cache_min_ttl = 2400
cache_max_ttl = 86400
cache_neg_min_ttl = 60
cache_neg_max_ttl = 600
# your DoH server
server_names = ['dlp.srv.world']

[query_log]
file = '/var/log/dnscrypt-proxy/query.log'

[nx_log]
file = '/var/log/dnscrypt-proxy/nx.log'

# set the Stamp value that you noted in [1] on the [stamp] line
[static]
[static.'dlp.srv.world']
stamp = 'sdns://AgcAAAAAAAAACTEwLjAuMC4zMAANZGxwLnNydi53b3JsZAovZG5zLXF1ZXJ5'

[root@node01 ~]# mkdir /var/log/dnscrypt-proxy
[root@node01 ~]# systemctl enable --now dnscrypt-proxy

# change DNS to the IP address that dnscrypt-proxy listens on
[root@node01 ~]# nmcli connection modify enp1s0 ipv4.dns 127.0.0.1
[root@node01 ~]# nmcli connection up enp1s0

# verify resolution
[root@node01 ~]# dig www.srv.world.

; <<>> DiG 9.18.24 <<>> www.srv.world.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39342
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.srv.world.                 IN      A

;; ANSWER SECTION:
www.srv.world.          86400   IN      A       10.0.0.31

;; Query time: 2 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Thu Apr 25 13:22:44 JST 2024
;; MSG SIZE  rcvd: 58
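
The Stamp from [1] is a base64url encoding of the server's IP address, hostname and path, so it can be decoded and checked before it is trusted in the [static] section. The Python decoder below is an added example, not part of the original page or of dnscrypt-proxy; its function names are hypothetical, the field layout follows the DNS Stamps specification for DoH, and the input is the stamp shown in [2].

```python
import base64
import struct

# Stamp copied from the [static] section of the dnscrypt-proxy.toml shown in [2].
PAGE_STAMP = "sdns://AgcAAAAAAAAACTEwLjAuMC4zMAANZGxwLnNydi53b3JsZAovZG5zLXF1ZXJ5"

def _lp(buf, pos, vlp=False):
    """Read one length-prefixed field; return (more_follow, data, next_pos)."""
    if pos >= len(buf):
        raise ValueError("stamp is truncated")
    raw = buf[pos]
    size = raw & 0x7F if vlp else raw
    end = pos + 1 + size
    if end > len(buf):
        raise ValueError("stamp is truncated")
    return bool(vlp and raw & 0x80), buf[pos + 1:end], end

def decode_doh_stamp(stamp):
    """Decode a DNS-over-HTTPS stamp into the fields dnscrypt-proxy will use."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    body = stamp[len("sdns://"):]
    buf = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    if len(buf) < 9 or buf[0] != 0x02:
        raise ValueError("not a DoH stamp (protocol byte must be 0x02)")
    props = struct.unpack_from("<Q", buf, 1)[0]  # 8-byte little-endian flags
    _, addr, pos = _lp(buf, 9)
    hashes, more = [], True
    while more:  # certificate hash list; high bit of the length = more follow
        more, item, pos = _lp(buf, pos, vlp=True)
        if item:
            hashes.append(item.hex())
    _, host, pos = _lp(buf, pos)
    _, path, pos = _lp(buf, pos)
    return {
        "address": addr.decode(),
        "hostname": host.decode(),
        "path": path.decode(),
        "dnssec": bool(props & 1),
        "no_logs": bool(props & 2),
        "no_filter": bool(props & 4),
        "cert_hashes": hashes,
    }

if __name__ == "__main__":
    for key, value in decode_doh_stamp(PAGE_STAMP).items():
        print(f"{key:12} {value}")
```

Compare the decoded address, hostname and path with your own server's values before starting the service. An empty cert_hashes list means the stamp pins no certificate, so the proxy relies on ordinary TLS validation of the hostname.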
BIND : DNS over HTTPS Client Settings : Windows
Configure Windows Client to refer to your DNS over HTTPS Server. This example is based on Windows 11.
[3] Open the Network settings and click the [Edit] button in the [DNS server assignment] section. Next, enter your DoH server address in the [Preferred DNS] section. For the [DNS over HTTPS] section, select [On (manual template)], and for the [DNS over HTTPS template] section, enter the value of [endpoints] that you set in named.conf.
[4] After setting your DoH server, verify name and address resolution.