Hello,
I'm somewhat of a noob so please be patient with me. I'm trying to set up a different DNS and have it encrypted as well. I already know a server but I'm stuck getting it to work. DNS leak tests show me that it's not working. I've been trying to use CoreDNS but now I'm not sure whether this is the right service for me. I don't want anything Google related. I just want to set up 2 different servers I chose.
I've used this tutorial: https://dev.to/n1try/how-to-enable-dns- … redns-18mp
but I get the impression that you can only use google or quad9 but I guess you can also use something else? Maybe you can do so without additional software?
How can I do that?
Thank you guys,
archie
Last edited by archieology (2022-01-29 15:03:58)
So you want to set up a DNS over TLS client/resolver? You don't need to use CoreDNS, there are many options.
Pick something from Domain name resolution#DNS servers that has "Yes" or "Resolver" in the "DNS over TLS" column. E.g. systemd-resolved or Unbound. Their wiki pages explain how to set them up and how to configure forwarding using DNS over TLS.
Hi. Thank you. Now I have an issue as in it is now configured "globally" using https://wiki.archlinux.org/title/systemd-resolved but my wifi still shows the same output? How can I include it?
I've edited the resolved.conf with nano.
I've enabled DoT, DNSSEC. Everything else is default. There is no .d file to be found. Then I've installed systemd-resolveconf. After that I've activated the service using systemctl start and enable .service
For DNS/Fallback I've used the format ip:port#nameoftheserver
Last edited by archieology (2022-01-21 10:48:05)
The /etc/systemd/resolved.conf.d/ directory is not there by default, so you'd need to create it first. But it doesn't matter if you create drop-in configuration files there or simply edit /etc/systemd/resolved.conf as you did.
my wifi still shows the same output? How can I include it?
What do you mean by this?
Did you create the symlink as instructed in https://wiki.archlinux.org/title/Systemd-resolved#DNS ?
Post your /etc/systemd/resolved.conf.
Yes, I followed all steps from Installation to automatically. The output of resolvectl status is 1. Global, where it shows the right DNS server and fallback server, as well as 2. Link (2) Wifi, where it shows the standard DNS server that I usually use.
Last edited by archieology (2022-01-21 17:03:42)
AFAIK it should work as long as you have
DNS Domain: ~.
in the Global section.
Hi again. I've accidentally deleted the file resolved.conf. How can I get it back? Apparently it gets recreated by itself but it didn't happen for me. In the meantime I will try to recreate it. So I didn't include this in the Domain section. Maybe this would have solved the issue that it's showing the same DNS server on wifi link2?
edit: this is what it looks like right now
resolvectl status
Global
Protocols: +LLMNR +mDNS DNSOverTLS=opportunistic DNSSEC=yes/supported
resolv.conf mode: stub
Current DNS Server: ipv4
DNS Servers: ipv6
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 9.9.9.10#dns.quad9.net
8.8.8.8#dns.google 2606:4700:4700::1111#cloudflare-dns.com
2620:fe::10#dns.quad9.net 2001:4860:4860::8888#dns.google
#not configured yet..
DNS Domain: ~.
Link 2 (wifi0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS DNSOverTLS=opportunistic
DNSSEC=yes/supported
Current DNS Server: currently used ip4 that i've wanted to replace
DNS Servers: current used ipv6 that I wanted to replace+ an additional number I can't identify
[Resolve]
DNS=ip4 ip6
#FallbackDNS=
Domains=~.
#LLMNR=no
#MulticastDNS=no
DNSSEC=true
DNSOverTLS=opportunistic
#Cache=yes
#DNSStubListener=yes
#ReadEtcHosts=yes
EDIT2: Now it works! Phew! Finally. Thank you for your support. You were absolutely right.
Last edited by archieology (2022-01-21 20:47:54)
DNSOverTLS=opportunistic
If you'll only be connecting to name servers that support DNS over TLS, you may want to set it to:
DNSOverTLS=yes
Yes, I've tried that and wanted to do that as well, but for some reason it won't work if I put it the way I wanted it. I've tried it with two different servers that claim to be usable with DoT. I have a hard time believing that they're all misconfigured, so I'm not sure what I can do to fix it. If I enable it, I cannot use the internet anymore.
DoT works now. I just had to add the names of the servers to the ip with #.
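The three things that bit the poster in this thread are all visible in the [Resolve] section: DNSOverTLS=opportunistic (which silently falls back to plaintext when TLS fails), DNS= entries without a #hostname suffix (so the certificate is not checked against a server name), and a missing Domains=~. (so the per-link DHCP servers on wifi keep winning). The following checker is an added example written for this thread, not code from the forum posters or from systemd; it parses a resolved.conf-style file and reports those three conditions. The sample configuration embedded in it is constructed to resemble the poster's first attempt and is not a real file from the thread.

```python
"""Lint a systemd-resolved [Resolve] section for the pitfalls discussed above.

Added example, not part of the thread or of systemd. It reports:
  * DNSOverTLS not set to "yes"  -> resolver may fall back to plaintext port 53
  * DNS= entries without "#name" -> certificate cannot be validated against a server name
  * Domains=~. missing           -> per-link (DHCP) servers still win ordinary lookups
"""
import ipaddress

# Constructed sample resembling the first configuration in the thread (not a real file).
SAMPLE_CONF = """\
[Resolve]
DNS=1.1.1.1 2606:4700:4700::1111
#FallbackDNS=
#Domains=~.
DNSSEC=true
DNSOverTLS=opportunistic
"""


def parse_resolve_section(text):
    """Return key -> list of values for the [Resolve] section.
    Commented-out lines are ignored; repeated keys are collected in order."""
    settings = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("["):
            in_section = (line == "[Resolve]")
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings.setdefault(key.strip(), []).append(value.strip())
    return settings


def split_server(entry):
    """Split 'ip[:port][#name]' into (ip, name or None).
    Accepts the '[ipv6]:port' and 'ipv4:port' forms resolved.conf(5) allows."""
    addr, _, name = entry.partition("#")
    addr = addr.strip()
    if addr.startswith("["):            # [ipv6]:port
        addr = addr[1:addr.index("]")]
    elif addr.count(":") == 1:          # ipv4:port (bare IPv6 has several colons)
        addr = addr.split(":")[0]
    ipaddress.ip_address(addr)          # raises ValueError if the address is garbage
    return addr, (name.strip() or None)


def lint(text):
    """Return a list of human-readable findings; an empty list means the config is strict."""
    s = parse_resolve_section(text)
    findings = []

    mode = s.get("DNSOverTLS", ["no"])[-1].lower()
    if mode != "yes":
        findings.append(f"DNSOverTLS={mode}: not strict, resolver may fall back to plaintext DNS")

    servers = []
    for value in s.get("DNS", []):
        servers.extend(value.split())
    if not servers:
        findings.append("DNS= is empty: no global servers configured")
    for entry in servers:
        _, name = split_server(entry)
        if name is None:
            findings.append(f"{entry}: no '#hostname' suffix, certificate is not checked against a server name")

    domains = " ".join(s.get("Domains", [])).split()
    if "~." not in domains:
        findings.append("Domains=~. missing: per-link (DHCP) DNS servers will still be used for ordinary lookups")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF) or ["no findings"]:
        print(finding)
```

Run it against /etc/systemd/resolved.conf (or a drop-in under /etc/systemd/resolved.conf.d/) by passing the file contents to lint(); a clean result corresponds to the final working configuration in the thread: DNSOverTLS=yes, every server written as ip#hostname, and Domains=~. present.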