DNS over HTTPS client resolver

Perhaps you are worried about DNS manipulation attacks, or the privacy of your DNS lookups. Eliminating DNS over UDP on your network might be something you want to achieve. This guide shows how to install a DNS resolver on a CentOS 7 system that will forward all your DNS queries to Google via HTTPS. Sounds crazy, but actually the performance was completely reasonable for casual browsing.

This tutorial is based on the code from the https_dns_proxy project.

Install some required packages:
yum install -y git cmake c-ares-devel gcc gcc-c++ libnghttp2-devel pdns-recursor
Fetch the latest libcurl source code (7.56.1 at the time of writing) and unpack it:
wget https://curl.haxx.se/download/curl-7.56.1.tar.gz
tar xzf curl-7.56.1.tar.gz
cd curl-7.56.1
Compile libcurl with nghttp2 and SSL support:
./configure --with-nghttp2 --with-ssl
make
sudo make install
cd ..
Clone the https_dns_proxy code and build it:
git clone https://github.com/aarond10/https_dns_proxy.git
cd https_dns_proxy
cmake .
make
Now configure pdns-recursor. I'm just listening on loopback, but if you want to expose this to other clients, just adjust as needed.

/etc/pdns-recursor/recursor.conf
setuid=pdns-recursor
setgid=pdns-recursor
allow-from=127.0.0.0/8
export-etc-hosts=on
forward-zones-recurse=.=127.0.0.1:50053
Add the following entry to /etc/hosts:
216.58.212.110 dns.google.com
Then start pdns-recursor:
systemctl start pdns-recursor

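Now bring up https_dns_proxy, setting the user and group to an account of your choice. The port and bind address (-p, -b) must match the forwarder set in forward-zones-recurse above: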
./https_dns_proxy -u steve -g steve -p 50053 -b 127.0.0.1
You are now running a DNS resolver forwarding all your DNS requests over HTTPS to Google!
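
To check that a recursor.conf still matches what this guide intends (loopback-only clients, the root zone forwarded to the local proxy, privileges dropped), here is a small audit script. It is an added example, not part of the original post or the https_dns_proxy project; the function names and sample text are constructed here, and port 50053 is the one used in this guide.

```python
import ipaddress

# Constructed sample: the recursor.conf shown in this guide.
SAMPLE_CONF = """\
setuid=pdns-recursor
setgid=pdns-recursor
allow-from=127.0.0.0/8
export-etc-hosts=on
forward-zones-recurse=.=127.0.0.1:50053
"""

def parse_conf(text):
    """Parse key=value lines, ignoring blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text, proxy_port=50053):
    """Hypothetical helper: return findings; an empty list means the guide's intent holds."""
    conf, findings = parse_conf(text), []
    # Clients: anything beyond loopback makes this box a resolver for that range.
    for net in [n.strip() for n in conf.get("allow-from", "").split(",") if n.strip()]:
        try:
            if not ipaddress.ip_network(net, strict=False).is_loopback:
                findings.append(f"allow-from admits non-loopback clients: {net}")
        except ValueError:
            findings.append(f"allow-from entry not understood: {net}")
    # Forwarding: the root zone must go to the local proxy, or lookups leave as plain DNS.
    zones = dict(z.strip().split("=", 1)
                 for z in conf.get("forward-zones-recurse", "").split(",") if "=" in z)
    if "." not in zones:
        findings.append("root zone '.' is not forwarded to the proxy")
    for target in filter(None, (t.strip() for t in zones.get(".", "").split(";"))):
        host, port = (target.rsplit(":", 1) + ["53"])[:2]  # no port given means 53
        try:
            local = ipaddress.ip_address(host.strip("[]")).is_loopback
        except ValueError:
            local = False
        if not local or port != str(proxy_port):
            findings.append(f"forwarder {target} is not the local proxy on port {proxy_port}")
    # Privileges: the guide drops to the pdns-recursor user and group.
    for key in ("setuid", "setgid"):
        if conf.get(key, "") in ("", "root", "0"):
            findings.append(f"{key} is unset or root")
    return findings
```

Run it against the live file with audit(open("/etc/pdns-recursor/recursor.conf").read()); it does not check allow-from being absent, in which case the recursor's built-in default applies.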
