Showing posts from November, 2017

DNS over HTTPS client resolver

Perhaps you are worried about DNS manipulation attacks, or the privacy of your DNS lookups. Eliminating DNS over UDP on your network might be something you want to achieve. This guide shows how to install a DNS resolver on a CentOS 7 system that will forward all your DNS queries to Google via HTTPS. Sounds crazy, but actually the performance was completely reasonable for casual browsing.

This tutorial is based on the code from the https_dns_proxy project.

Install some required packages:
yum install -y git cmake c-ares-devel gcc gcc-c++ libnghttp2-devel pdns-recursor

Fetch the latest libcurl source code (7.56.1 at the time of writing):
wget https://curl.haxx.se/download/curl-7.56.1.tar.gz

Compile libcurl with nghttp2 and ssl support:
tar xzf curl-7.56.1.tar.gz
cd curl-7.56.1
./configure --with-nghttp2 --with-ssl
make
sudo make install

Clone the https_dns_proxy code and build it:
git clone https://github.com/aarond10/https_dns_proxy.git
cd https_dns_proxy
cmake .
make

Now configure pdns-recursor, I'm just listening on loopback but if yo…
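
A post-install check for the goal stated at the top of this guide (the resolver bound to loopback, and the host's stub resolver pointing only at it), as an added example that is not part of the original post. The function names and sample data are constructed, and the `ss -lntu` column layout (Netid, State, Recv-Q, Send-Q, Local, Peer) is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post). All sample input is constructed.

# True when the address is IPv4 127.0.0.0/8 or IPv6 ::1 (bare or bracketed).
is_loopback() {
    case "$1" in
        127.*|::1|"[::1]") return 0 ;;
        *) return 1 ;;
    esac
}

# stdin: resolv.conf text. Prints each nameserver that is NOT loopback,
# i.e. every upstream the host could still query in plaintext.
nonlocal_nameservers() {
    awk '$1 == "nameserver" { print $2 }' | while read -r ns; do
        is_loopback "$ns" || printf '%s\n' "$ns"
    done
}

# stdin: output of `ss -lntu` (assumed columns: Netid State Recv-Q Send-Q Local Peer).
# Prints "proto local-address" for every port-53 listener bound beyond loopback.
exposed_dns_listeners() {
    awk '$1 == "udp" || $1 == "tcp" { print $1, $5 }' |
    while read -r proto laddr; do
        [ "${laddr##*:}" = "53" ] || continue          # port is after the last colon
        is_loopback "${laddr%:*}" || printf '%s %s\n' "$proto" "$laddr"
    done
}

# Constructed sample data standing in for /etc/resolv.conf and `ss -lntu`.
SAMPLE_RESOLV='search example.internal
nameserver 127.0.0.1
nameserver 192.0.2.53'

SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.1:53       *:*
udp   UNCONN 0      0      *:53               *:*
tcp   LISTEN 0      128    [::1]:53           [::]:*
tcp   LISTEN 0      128    127.0.0.1:5353     *:*
udp   UNCONN 0      0      :::53              :::*'

printf '%s\n' "$SAMPLE_RESOLV" | nonlocal_nameservers
printf '%s\n' "$SAMPLE_SS" | exposed_dns_listeners
```

On a real host, pipe `cat /etc/resolv.conf` and `ss -lntu` into the two functions; empty output from both means the stub resolver only uses loopback and no port-53 listener is bound beyond it.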