
How to set DoH on Linux

This guide uses dnsproxy from AdguardTeam as the DoH client.

dnsproxy is a lightweight DNS proxy server that supports DNS-over-TLS, DNS-over-HTTPS, DNSCrypt, and DNS-over-QUIC protocols.

Install dnsproxy

Download and install the latest version:

Terminal
VERSION=$(curl -s https://api.github.com/repos/AdguardTeam/dnsproxy/releases/latest | grep tag_name | cut -d '"' -f 4) && echo "Latest dnsproxy version is $VERSION"
wget -O dnsproxy.tar.gz "https://github.com/AdguardTeam/dnsproxy/releases/download/${VERSION}/dnsproxy-linux-amd64-${VERSION}.tar.gz"
tar -xzvf dnsproxy.tar.gz
cd linux-amd64
sudo mv dnsproxy /usr/bin/dnsproxy

Test the Connection

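Start dnsproxy with DNS.SB as the upstream server (-u). The -b option sets the bootstrap resolver that dnsproxy uses to look up the upstream's hostname: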

Terminal
sudo dnsproxy -l 127.0.0.1 -p 53 -u https://doh.dns.sb/dns-query -b 185.222.222.222:53

Open another terminal and test the DNS resolution:

Terminal
dig example.com @127.0.0.1

You should see a response similar to:

Output
;; ANSWER SECTION:
example.com. 1094 IN A 93.184.216.34

;; SERVER: 127.0.0.1#53(127.0.0.1)

The SERVER: 127.0.0.1#53 line confirms that the answer came from dnsproxy listening locally.

Run dnsproxy as a Service

You can use either Supervisor or systemd to keep dnsproxy running in the background.

Option 1: Using Supervisor

Install Supervisor:

Terminal
sudo apt install supervisor -y

Create the configuration file /etc/supervisor/conf.d/dnsproxy.conf:

/etc/supervisor/conf.d/dnsproxy.conf
[program:dnsproxy]
command = /usr/bin/dnsproxy -l 127.0.0.1 -p 53 -u https://doh.dns.sb/dns-query -b 185.222.222.222:53
user = root
autostart = true
autorestart = true
stdout_logfile = /var/log/supervisor/dnsproxy.log
stderr_logfile = /var/log/supervisor/dnsproxy.error.log
environment = LANG="en_US.UTF-8"

Restart Supervisor to apply the configuration:

Terminal
sudo systemctl restart supervisor

Option 2: Using systemd

Create the service file /etc/systemd/system/dnsproxy.service:

/etc/systemd/system/dnsproxy.service
[Unit]
Description=DNS Proxy
After=network.target
Requires=network.target

[Service]
Type=simple
ExecStart=/usr/bin/dnsproxy -l 127.0.0.1 -p 53 -u https://doh.dns.sb/dns-query -b 185.222.222.222:53
Restart=on-failure

[Install]
WantedBy=multi-user.target

Enable and start the service:

Terminal
sudo systemctl daemon-reload
sudo systemctl enable --now dnsproxy

Configure System DNS

Follow the same method as How to change DNS settings on Linux.

Edit /etc/resolv.conf:

Terminal
sudo vim /etc/resolv.conf

Replace the nameserver lines with:

/etc/resolv.conf
nameserver 127.0.0.1

Save the file. Your system is now using DNS over HTTPS.
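The check below is an added example, not part of the original guide. It audits a resolv.conf for nameserver entries that would send queries around the dnsproxy listener on 127.0.0.1, including the 127.0.0.53 stub that systemd-resolved installs. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit a resolv.conf for
# resolvers that would bypass the local dnsproxy listener on 127.0.0.1.

# Print every nameserver address in the file, one per line.
list_nameservers() {
    # Drop comments (# or ;), then take field 2 of each "nameserver" line.
    sed -e 's/[#;].*$//' "$1" | awk '$1 == "nameserver" && NF >= 2 { print $2 }'
}

# Print one finding per problem; exit status 0 only when every configured
# nameserver is the expected dnsproxy address. The body runs in a subshell
# so its variables stay local.
audit_resolv_conf() (
    file=$1
    expected=${2:-127.0.0.1}
    count=0
    bad=0
    if [ -L "$file" ]; then
        # A symlink usually means systemd-resolved or NetworkManager manages
        # the file and can regenerate it, undoing the manual edit.
        echo "WARN: $file is a symlink and may be regenerated"
    fi
    for ns in $(list_nameservers "$file"); do
        count=$((count + 1))
        if [ "$ns" != "$expected" ]; then
            echo "BYPASS: nameserver $ns does not go through dnsproxy"
            bad=$((bad + 1))
        fi
    done
    if [ "$count" -eq 0 ]; then
        # The guide sets the line explicitly, so its absence is reported.
        echo "MISSING: no nameserver line found"
        bad=$((bad + 1))
    fi
    [ "$bad" -eq 0 ]
)

# Constructed sample: the edit was made but a DHCP-supplied resolver remains.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'nameserver 127.0.0.1' \
    'nameserver 192.0.2.53  ; left over from DHCP' 'search example.test' > "$sample"
audit_resolv_conf "$sample" || echo "resolv.conf needs attention"
rm -f "$sample"
```

Run `audit_resolv_conf /etc/resolv.conf` after editing the file and again after a reboot or network change, since a regenerated file is the usual way plaintext resolvers reappear.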
