Netplan DNS-over-HTTPS via dnscrypt-proxy
Install dnscrypt-proxy
apt install dnscrypt-proxy
Add the following to /etc/dnscrypt-proxy/dnscrypt-proxy.toml
# Empty listen_addresses to use systemd socket activation
listen_addresses = []
server_names = ['quad9-doh-ip4-port443-nofilter-ecs-pri']
[query_log]
file = '/var/log/dnscrypt-proxy/query.log'
[nx_log]
file = '/var/log/dnscrypt-proxy/nx.log'
[sources]
[sources.'public-resolvers']
url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = ''
Change your /etc/netplan/XXX.yaml or whatever pre-configured file your VPS provider has
Basically just edit your DNS server and change it to 127.0.2.1.
network:
version: 2
ethernets:
eth0:
match:
macaddress: "00:00:00:00:00:00" # VPS MAC address
addresses:
- "1.3.3.7/24" # IPv4 of your VPS
- "0000:0000:000:000::1/64" # IPv6 of your VPS
nameservers:
addresses: # IP on which dnscrypt-proxy is running,
- "127.0.2.1" # by default is 127.0.2.1
set-name: "eth0"
routes:
- to: "default"
via: "1.3.3.1" # Gateway IPv4
- on-link: true
to: "default"
via: "fe80::1" # Gateway IPv6
Run
systemctl enable dnscrypt-proxy --now
netplan apply
It’s a good practice to reboot your VPS afterwards :)