Set up secure DNS (over TLS or HTTPS) on 16.04
How do I set up Secure DNS (eg over TLS or HTTPS) on 16.04?
I would prefer to use functionality built into 16.04 or apps available on the 16.04 repository. I plan to use either the Google Public DNS (eg 8.8.8.8, 8.8.4.4) or Cloudflare (1.1.1.1, 1.0.0.1) or some combination of the two.
From a web search, the commonly recommended way is to use stubby on 18.04 for DNS over TLS, but stubby does not seem to be available on the 16.04 repository.
Current options for DNS over HTTP seems to be cloudflared by Cloudfare and doh-proxy by Facebook, neither of which seem to be available on the 16.04 repository.
16.04 networking security dns
add a comment |
How do I set up Secure DNS (eg over TLS or HTTPS) on 16.04?
I would prefer to use functionality built into 16.04 or apps available on the 16.04 repository. I plan to use either the Google Public DNS (eg 8.8.8.8, 8.8.4.4) or Cloudflare (1.1.1.1, 1.0.0.1) or some combination of the two.
From a web search, the commonly recommended way is to use stubby on 18.04 for DNS over TLS, but stubby does not seem to be available on the 16.04 repository.
Current options for DNS over HTTP seems to be cloudflared by Cloudfare and doh-proxy by Facebook, neither of which seem to be available on the 16.04 repository.
16.04 networking security dns
add a comment |
How do I set up Secure DNS (eg over TLS or HTTPS) on 16.04?
I would prefer to use functionality built into 16.04 or apps available on the 16.04 repository. I plan to use either the Google Public DNS (eg 8.8.8.8, 8.8.4.4) or Cloudflare (1.1.1.1, 1.0.0.1) or some combination of the two.
From a web search, the commonly recommended way is to use stubby on 18.04 for DNS over TLS, but stubby does not seem to be available on the 16.04 repository.
Current options for DNS over HTTP seems to be cloudflared by Cloudfare and doh-proxy by Facebook, neither of which seem to be available on the 16.04 repository.
16.04 networking security dns
How do I set up Secure DNS (eg over TLS or HTTPS) on 16.04?
I would prefer to use functionality built into 16.04 or apps available on the 16.04 repository. I plan to use either the Google Public DNS (eg 8.8.8.8, 8.8.4.4) or Cloudflare (1.1.1.1, 1.0.0.1) or some combination of the two.
From a web search, the commonly recommended way is to use stubby on 18.04 for DNS over TLS, but stubby does not seem to be available on the 16.04 repository.
Current options for DNS over HTTP seems to be cloudflared by Cloudfare and doh-proxy by Facebook, neither of which seem to be available on the 16.04 repository.
16.04 networking security dns
16.04 networking security dns
edited Jan 18 at 2:56
JayDin
asked Jan 18 at 2:48
JayDinJayDin
133111
133111
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
In ubuntu there is the dnss package
From man:
dnss is a daemon that can encapsulate DNS over HTTPS.
It can act as a DNS-to-HTTPS proxy, using https://dns.google.com as a
server or anything implementing the same API.
It can also act as an HTTPS-to-DNS proxy, implementing the same HTTP
API; you can use this instead of https://dns.google.com if you want
more control over the servers and the final DNS server used (for
example if you are in an isolated environment, such as a test lab or a
private network).
In the default mode of operation, it listens for DNS requests on port
53, and will query an HTTPS server (https://dns.google.com by default)
to resolve them.
Thanks for the response. There is very little in terms of a users guide on dnss. Have you used it yourself?
– JayDin
Jan 18 at 19:31
I used it a couple of years ago. Now I have a microtik rounter that does everything relative to my dns.
– Carlos Dagorret
Jan 19 at 3:02
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1110732%2fset-up-secure-dns-over-tls-or-https-on-16-04%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
In ubuntu there is the dnss package
From man:
dnss is a daemon that can encapsulate DNS over HTTPS.
It can act as a DNS-to-HTTPS proxy, using https://dns.google.com as a
server or anything implementing the same API.
It can also act as an HTTPS-to-DNS proxy, implementing the same HTTP
API; you can use this instead of https://dns.google.com if you want
more control over the servers and the final DNS server used (for
example if you are in an isolated environment, such as a test lab or a
private network).
In the default mode of operation, it listens for DNS requests on port
53, and will query an HTTPS server (https://dns.google.com by default)
to resolve them.
Thanks for the response. There is very little in terms of a users guide on dnss. Have you used it yourself?
– JayDin
Jan 18 at 19:31
I used it a couple of years ago. Now I have a microtik rounter that does everything relative to my dns.
– Carlos Dagorret
Jan 19 at 3:02
add a comment |
In ubuntu there is the dnss package
From man:
dnss is a daemon that can encapsulate DNS over HTTPS.
It can act as a DNS-to-HTTPS proxy, using https://dns.google.com as a
server or anything implementing the same API.
It can also act as an HTTPS-to-DNS proxy, implementing the same HTTP
API; you can use this instead of https://dns.google.com if you want
more control over the servers and the final DNS server used (for
example if you are in an isolated environment, such as a test lab or a
private network).
In the default mode of operation, it listens for DNS requests on port
53, and will query an HTTPS server (https://dns.google.com by default)
to resolve them.
Thanks for the response. There is very little in terms of a users guide on dnss. Have you used it yourself?
– JayDin
Jan 18 at 19:31
I used it a couple of years ago. Now I have a microtik rounter that does everything relative to my dns.
– Carlos Dagorret
Jan 19 at 3:02
add a comment |
In ubuntu there is the dnss package
From man:
dnss is a daemon that can encapsulate DNS over HTTPS.
It can act as a DNS-to-HTTPS proxy, using https://dns.google.com as a
server or anything implementing the same API.
It can also act as an HTTPS-to-DNS proxy, implementing the same HTTP
API; you can use this instead of https://dns.google.com if you want
more control over the servers and the final DNS server used (for
example if you are in an isolated environment, such as a test lab or a
private network).
In the default mode of operation, it listens for DNS requests on port
53, and will query an HTTPS server (https://dns.google.com by default)
to resolve them.
In ubuntu there is the dnss package
From man:
dnss is a daemon that can encapsulate DNS over HTTPS.
It can act as a DNS-to-HTTPS proxy, using https://dns.google.com as a
server or anything implementing the same API.
It can also act as an HTTPS-to-DNS proxy, implementing the same HTTP
API; you can use this instead of https://dns.google.com if you want
more control over the servers and the final DNS server used (for
example if you are in an isolated environment, such as a test lab or a
private network).
In the default mode of operation, it listens for DNS requests on port
53, and will query an HTTPS server (https://dns.google.com by default)
to resolve them.
answered Jan 18 at 3:32
Carlos DagorretCarlos Dagorret
510214
510214
Thanks for the response. There is very little in terms of a users guide on dnss. Have you used it yourself?
– JayDin
Jan 18 at 19:31
I used it a couple of years ago. Now I have a microtik rounter that does everything relative to my dns.
– Carlos Dagorret
Jan 19 at 3:02
add a comment |
Thanks for the response. There is very little in terms of a users guide on dnss. Have you used it yourself?
– JayDin
Jan 18 at 19:31
I used it a couple of years ago. Now I have a microtik rounter that does everything relative to my dns.
– Carlos Dagorret
Jan 19 at 3:02
Thanks for the response. There is very little in terms of a users guide on dnss. Have you used it yourself?
– JayDin
Jan 18 at 19:31
Thanks for the response. There is very little in terms of a users guide on dnss. Have you used it yourself?
– JayDin
Jan 18 at 19:31
I used it a couple of years ago. Now I have a microtik rounter that does everything relative to my dns.
– Carlos Dagorret
Jan 19 at 3:02
I used it a couple of years ago. Now I have a microtik rounter that does everything relative to my dns.
– Carlos Dagorret
Jan 19 at 3:02
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1110732%2fset-up-secure-dns-over-tls-or-https-on-16-04%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown