Protect DNS Privacy on Ubuntu 18.04 with DNS over HTTPS (DoH)

DNS over HTTPS (DoH) is a protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol. Its goal is to increase user privacy and security: HTTPS encrypts the data between the DoH client and the DoH-based DNS resolver, which prevents eavesdropping on DNS data and its manipulation by man-in-the-middle attacks.

Stubby is an open-source DNS stub resolver developed by the getdns team. A stub resolver is a small DNS client on the end user's computer that receives DNS requests from applications such as Firefox and forwards them to a recursive resolver like 1.1.1.1 or 8.8.8.8. Stubby is special in that it supports DNS over TLS (DoT), which encrypts DNS queries with TLS directly rather than carrying them inside HTTPS. By default, it only sends DNS requests encrypted.

Install Stubby

Stubby is in the Ubuntu 18.04 repository. Open a terminal window and run the following command to install it.

sudo apt install stubby

Once installed, it runs in the background as a service. The default listening port of the software is 53.
Check whether it started successfully:

sudo netstat -lnptu | grep stubby

The main configuration file is /etc/stubby/stubby.yml. Generally, it does not need to be changed.

Switching to Stubby

Edit the /etc/resolv.conf file to change the nameserver to 127.0.0.1:

nameserver 127.0.0.1
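
A check for the switch above, as an added example that is not part of the original post: it reads a resolv.conf-style file and lists any nameserver that would send queries around Stubby. It assumes Stubby listens on 127.0.0.1 and ::1; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a resolv.conf-style file
# for nameservers that would bypass the local Stubby listener.
# Assumption: Stubby listens on 127.0.0.1 and ::1. Function names are illustrative.

# Print every nameserver in file $1 that is not one of those two addresses.
# 127.0.0.53 is reported too: it is the systemd-resolved stub, not Stubby.
bypassing_nameservers() {
    awk '$1 == "nameserver" && $2 != "127.0.0.1" && $2 != "::1" { print $2 }' "$1"
}

# Succeed only if file $1 has at least one nameserver and none bypass Stubby.
resolv_uses_only_stubby() {
    total=$(awk '$1 == "nameserver" { n++ } END { print n + 0 }' "$1")
    leaks=$(bypassing_nameservers "$1")
    [ "$total" -gt 0 ] && [ -z "$leaks" ]
}

# Human-readable report for file $1 (default: /etc/resolv.conf).
audit_resolv() {
    f=${1:-/etc/resolv.conf}
    # A symlinked resolv.conf is generated by another service, so a manual
    # edit can be replaced on the next network change or reboot.
    if [ -L "$f" ]; then
        echo "note: $f is a symlink to $(readlink "$f"); edits may be overwritten"
    fi
    if resolv_uses_only_stubby "$f"; then
        echo "OK: every nameserver in $f points at Stubby"
    else
        echo "WARN: $f has no nameserver or lists resolvers that bypass Stubby:"
        bypassing_nameservers "$f" | sed 's/^/  /'
        return 1
    fi
}

# Constructed sample: a half-finished switch that still lists a second resolver
# (192.0.2.53 is a documentation address).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'nameserver 127.0.0.1' 'nameserver 192.0.2.53' > "$sample"
audit_resolv "$sample" || true
rm -f "$sample"
```

Calling audit_resolv with no argument checks the live /etc/resolv.conf.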

via: https://www.linuxbabe.com/ubuntu/ubuntu-stubby-dns-over-tls
