DNS-over-HTTPS

From ArchWiki

DNS-over-HTTPS is an implementation of the DNS over HTTPS protocol. Its client can act as a local stub resolver, forwarding the system's DNS queries to an upstream resolver over HTTPS.

Installation

Install the dns-over-https package.

Client startup

Disable any services bound to port 53

To see if any programs are using port 53, run:

 $ ss -lp 'sport = :domain'

If the output contains anything beyond the header line of column names, another service is listening on port 53 and must be disabled first. You are ready to proceed once the above command outputs nothing more than the following line:

 Netid               State                 Recv-Q                Send-Q                                 Local Address:Port                                   Peer Address:Port

Change system DNS server

Change your system's DNS server to one of the addresses given in the listen = setting of the configuration file. If you are unsure, use 127.0.0.1.

This can be accomplished either through your Network Manager or through editing /etc/resolv.conf.

Startup

Start or enable doh-client.service.

Test configuration

To test whether your system's DNS works, run nslookup www.google.com from the command line. Note that this will also succeed before DNS-over-HTTPS is configured, as long as you had a working DNS configuration before installing it.

Client configuration

The client configuration file is /etc/dns-over-https/doh-client.conf by default.

Select preferred upstream DNS server

To select a preferred DNS server, uncomment one of the profiles.

If your preferred server is not listed, you may use the following template in the [upstream] section.

/etc/dns-over-https/doh-client.conf
[[upstream.upstream_ietf]]
    url = "https://[IP or web address]/dns-query"
    weight = 20