DNS over HTTPS client resolver
Perhaps you are worried about DNS manipulation attacks, or the privacy of your DNS lookups. Eliminating DNS over UDP on your network might be something you want to achieve. This guide shows how to install a DNS resolver on a CentOS 7 system that will forward all your DNS queries to Google via HTTPS. Sounds crazy, but actually the performance was completely reasonable for casual browsing.
This tutorial is based around using the code for the https_dns_proxy project.
Install some required packages:
yum install -y git cmake c-ares-devel gcc gcc-c++ libnghttp2-devel pdns-recursor

Fetch the latest libcurl source code (7.56.1 at the time of writing):
wget https://curl.haxx.se/download/curl-7.56.1.tar.gz

Compile libcurl with nghttp2 and SSL support:
tar xzf curl-7.56.1.tar.gz
cd curl-7.56.1
./configure --with-nghttp2 --with-ssl
make
sudo make install

Clone the https_dns_proxy code and build it:
git clone https://github.com/aarond10/https_dns_proxy.git
cd https_dns_proxy
cmake .
make

Now configure pdns-recursor. I'm just listening on loopback, but if you want to expose this to other clients just adjust as needed.

/etc/pdns-recursor/recursor.conf
setuid=pdns-recursor
setgid=pdns-recursor
allow-from=127.0.0.0/8
export-etc-hosts=on
forward-zones-recurse=.=127.0.0.1:50053

Add the following entry to /etc/hosts so that dns.google.com resolves without a DNS lookup:
216.58.212.110 dns.google.com

Then start pdns-recursor:
systemctl start pdns-recursor

Now bring up https_dns_proxy, setting the user and gid to a user of your choice:
./https_dns_proxy -u steve -g steve -p 50053 -b 127.0.0.1

You are now running a DNS resolver forwarding all your DNS requests over HTTPS to Google!
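
As an added example (not part of the original guide or of either project), this Python script audits a recursor.conf for the two properties the setup above relies on: the root zone is forwarded only to the local https_dns_proxy port, and allow-from stays on loopback. The function names and the embedded sample config are constructed for illustration; the default port 50053 is the one used in this guide.

```python
import ipaddress

# Constructed sample: the recursor.conf from this guide.
SAMPLE_CONF = """\
setuid=pdns-recursor
setgid=pdns-recursor
allow-from=127.0.0.0/8
export-etc-hosts=on
forward-zones-recurse=.=127.0.0.1:50053
"""

def parse_conf(text):
    """Parse key=value lines; '#' starts a comment."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf

def split_target(target):
    """'ip', 'ip:port' or '[ipv6]:port' -> (ip, port); the port defaults to 53."""
    target = target.strip()
    if target.startswith("["):
        host, _, rest = target[1:].partition("]")
        return host, int(rest.lstrip(":") or 53)
    if target.count(":") == 1:
        host, port = target.split(":")
        return host, int(port)
    return target, 53

def audit(text, proxy_port=50053):
    """Return a list of findings; an empty list means no issue was found."""
    conf, findings, zones = parse_conf(text), [], {}
    for entry in conf.get("forward-zones-recurse", "").split(","):
        zone, sep, targets = entry.strip().partition("=")
        if sep:
            zones[zone.strip()] = [split_target(t) for t in targets.split(";")]
    if "." not in zones:
        findings.append("root zone is not forwarded, so the recursor resolves over plain DNS")
    for zone, targets in zones.items():
        for host, port in targets:
            if not ipaddress.ip_address(host).is_loopback or port != proxy_port:
                findings.append(f"zone {zone!r} forwards to {host}:{port}, not the local proxy")
    for net in filter(None, map(str.strip, conf.get("allow-from", "").split(","))):
        if not ipaddress.ip_network(net, strict=False).is_loopback:
            findings.append(f"allow-from {net} accepts clients beyond loopback")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF) or "OK: no findings")
```

A wider allow-from is reported because it changes who can use the resolver; if you exposed it to other clients on purpose, treat that finding as informational.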