How to set up DNS over TLS on Linux
This guide uses systemd-resolved, which is available on most modern Linux distributions.
Enable systemd-resolved
Terminal
sudo systemctl enable --now systemd-resolved

Configure DNS over TLS
Edit /etc/systemd/resolved.conf:
Terminal
sudo vim /etc/systemd/resolved.conf

Add the following configuration:
/etc/systemd/resolved.conf
[Resolve]
DNS=185.222.222.222 45.11.45.11 2a09:: 2a11::
DNSOverTLS=yes
DNSSEC=yes

Alternatively, you can specify the hostname explicitly:
/etc/systemd/resolved.conf
[Resolve]
DNS=185.222.222.222#dot.sb 45.11.45.11#dot.sb 2a09::#dot.sb 2a11::#dot.sb
DNSOverTLS=yes
DNSSEC=yes

Restart the Service
Terminal
sudo systemctl restart systemd-resolved

Configure System DNS
Edit /etc/resolv.conf:
Terminal
sudo vim /etc/resolv.conf

Set the nameserver to the local resolver:
/etc/resolv.conf
nameserver 127.0.0.53

Verify Configuration
Test the DNS resolution:
Terminal
dig example.com

You should see a response similar to:
Output
;; ANSWER SECTION:
example.com. 3309 IN A 93.184.216.34
;; SERVER: 127.0.0.53#53(127.0.0.53)

The SERVER: 127.0.0.53#53 in the response confirms that systemd-resolved is handling DNS queries correctly.
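
The dig output shows which resolver answered, not which settings are in force, so the following added example (not part of the original guide) audits a resolved.conf for values that weaken the configuration above. The function names `resolve_value` and `audit_resolved_conf` are made up for this example; it also checks for `opportunistic` and `allow-downgrade`, two systemd values the guide does not use, and assumes each key is assigned once.

```shell
#!/bin/sh
# Constructed example: audit the [Resolve] section of a resolved.conf file.
# Assumes each key is assigned once (drop-in files are not merged here).

# Print the value assigned to KEY ($1) in the [Resolve] section of FILE ($2).
resolve_value() (
    key=$1 in_section=0 val="" tab=$(printf '\t')
    # Split each line on spaces, tabs and "=": k is the key, v is the rest.
    while IFS=" $tab=" read -r k v || [ -n "$k" ]; do
        case "$k" in
            "[Resolve]") in_section=1 ;;
            "["*)        in_section=0 ;;
            "$key")      if [ "$in_section" -eq 1 ]; then val=$v; fi ;;
        esac
    done < "$2"
    printf '%s\n' "$val"
)

# Print FAIL/NOTE lines for FILE ($1); exit status 0 only if nothing FAILed.
audit_resolved_conf() (
    findings=0
    dot=$(resolve_value DNSOverTLS "$1")
    dnssec=$(resolve_value DNSSEC "$1")
    servers=$(resolve_value DNS "$1")
    case "$dot" in
        yes|true|on|1) ;;
        opportunistic) echo "FAIL DNSOverTLS=opportunistic: falls back to plaintext DNS"; findings=1 ;;
        *) echo "FAIL DNSOverTLS=${dot:-unset}: TLS is not enforced"; findings=1 ;;
    esac
    case "$dnssec" in
        yes|true|on|1) ;;
        allow-downgrade) echo "FAIL DNSSEC=allow-downgrade: validation can be switched off"; findings=1 ;;
        *) echo "FAIL DNSSEC=${dnssec:-unset}: validation is not enforced"; findings=1 ;;
    esac
    [ -n "$servers" ] || { echo "FAIL DNS= is empty: no upstream servers set here"; findings=1; }
    for s in $servers; do
        case "$s" in
            *"#"?*) ;;   # address#hostname form, as in the second config above
            *) echo "NOTE $s has no #hostname for TLS server-name checking" ;;
        esac
    done
    [ "$findings" -eq 0 ]
)

# Usage: sh audit.sh /etc/systemd/resolved.conf
if [ -n "${1:-}" ]; then audit_resolved_conf "$1"; fi
```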