DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. A goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks by using the HTTPS protocol to encrypt the data between the DoH client and the DoH-based DNS resolver.
Stubby is an open-source DNS stub resolver developed by the getdns team. A stub resolver is a small DNS client on the end-user’s computer that receives DNS requests from applications such as Firefox and forward requests to a recursive resolver like 126.96.36.199 or 188.8.131.52. Stubby is special in that it supports DNS over TLS. By default, it will only send DNS requests encrypted.
Stubby is in Ubuntu 18.04 repository. Open up a terminal window and run the following command to install it.
sudo apt install stubby
Once you install it successfully, it will run in the background in the form of service. The default listening port of the software is 53.
Check whether the startup is successful:
sudo netstat -lnptu | grep stubby
The main configuration file is
/etc/stubby/stubby.yml. generally, it does not need to be changed..
Switching to Stubby
/etc/resolve.conf file to change nameserver to