DoH with dnsproxy by AdguardTeam

By me, Thomas

Requirements

We will need git in order to get dnsproxy from the AdguardTeam github repo.

sudo apt update && sudo apt install git -y

dnsproxy needs to be built using Go.
Don’t let that scare you away, it’s fairly straightforward.
It does mean we need to install Go first.
The minimum required version is v1.14.

Install Go

The latest version available at the time of writing is v1.16.

  1. Download
    wget https://golang.org/dl/go1.16.linux-amd64.tar.gz
    
  2. Install
    If you have an existing Go installation, remove it first via sudo rm -rf /usr/local/go
    Install:
    sudo tar -C /usr/local -xzf go1.16.linux-amd64.tar.gz
    
  3. Add to PATH
    export PATH=$PATH:/usr/local/go/bin

    This only applies to the current shell; add the same line to your ~/.profile to make it permanent.
    
  4. Verify it worked
    go version
    

    That should print the version of Go.
    If it didn’t work even though you followed the steps above, you may find more help on the golang site.

Install dnsproxy

  1. Download it from github
    git clone https://github.com/AdguardTeam/dnsproxy
    
  2. Enter and build dnsproxy
    cd dnsproxy
    go build -mod=vendor
    

    This will provide you with an executable dnsproxy file that you can use.
    Place it wherever you like, preferably somewhere only root can write to, since the service below runs it as root.

  3. Systemd service
    Create a service we can use to keep it running easily.
    To do this we will create a .service file:
    sudo vim /etc/systemd/system/dnsproxy.service
    

    And add the following config to it:

    [Unit]
    Description=DNS Proxy Service
    After=network.target

    [Service]
    Type=simple
    Restart=always
    ExecStart=/path/to/dnsproxy -u https://dns.adguard.com/dns-query -b 1.1.1.1:53 -p 443

    [Install]
    WantedBy=multi-user.target
    

    Make sure you change /path/to/dnsproxy to the path you used!
    Note that systemd only accepts lowercase values for Restart= (Restart=Always is rejected).
    A short explanation of the command we’ll execute there:
    You can get more info on the available options of dnsproxy via dnsproxy -h.
    Personally I use DoH via AdGuard’s DNS resolvers.

    • We specify their DoH URL via the -u option
    • Specify a bootstrap address for the initial DNS request with -b
      Here I picked Cloudflare but you could use anything else here (eg 8.8.8.8)
    • Finally the port for the service to listen on with -p
      Other upstream formats for the -u option are also supported; see dnsproxy -h.
  4. Reload systemctl
    sudo systemctl daemon-reload
    
  5. Start and verify the service works
    • Check if the service can start
      sudo service dnsproxy start
      sudo service dnsproxy status
      

      Verify the output is good (service is running, no errors, …)

    • Check if the service is listening on the correct port
      sudo netstat -ntlpa
      

      Verify there’s output for the dnsproxy service listening on port 443
      (netstat -t only shows TCP; dnsproxy also listens on UDP, which sudo netstat -nulpa shows)

    • Check if the resolver works
      nslookup -port=443 google.com 127.0.0.1
      
    • Reboot and repeat the steps above to make sure it doesn’t break after a reboot

You should now be able to use this server as a DNS server, on port 443.
It might make more sense to use port 53; if so, you can just use that instead via -p.
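As an added example (not from the original post or from the dnsproxy project), here is a small shell script that automates the two checks from steps 3 and 5 above: it verifies the unit file no longer contains the /path/to/dnsproxy placeholder and uses a Restart= value systemd accepts, and it verifies from ss -ltunp output that dnsproxy is bound to the chosen port on both TCP and UDP. Both functions work on text passed in, so the script is shown against constructed sample input; on a real host you would feed them the output of cat /etc/systemd/system/dnsproxy.service and sudo ss -ltunp. The sample unit and socket listing are constructed for this example.

```shell
#!/bin/sh
# check_unit <unit-file-text>
# Returns 0 when the unit looks deployable:
#  - ExecStart no longer contains the /path/to/dnsproxy placeholder
#  - Restart= uses one of the values systemd accepts (they are lowercase)
check_unit() {
  printf '%s\n' "$1" | awk '
    /^ExecStart=/ && index($0, "/path/to/dnsproxy") {
      bad = 1; print "ExecStart still uses the placeholder path"
    }
    /^Restart=/ {
      v = substr($0, 9)
      if (v !~ /^(no|on-success|on-failure|on-abnormal|on-watchdog|on-abort|always)$/) {
        bad = 1; print "invalid Restart= value: " v
      }
    }
    END { exit bad ? 1 : 0 }'
}

# listening_on <port> <ss-ltunp-output>
# Returns 0 if dnsproxy is bound to <port> on BOTH tcp and udp. Plain DNS
# clients mostly use UDP, so checking TCP alone (netstat -t) can miss a
# half-working service.
listening_on() {
  printf '%s\n' "$2" | awk -v p="$1" '
    /dnsproxy/ {
      n = split($5, a, ":")   # $5 is "Local Address:Port"; port is after the last colon
      if (a[n] == p) seen[$1] = 1   # $1 is the Netid column: tcp or udp
    }
    END { exit (seen["tcp"] && seen["udp"]) ? 0 : 1 }'
}

# Constructed sample unit, deliberately containing the two mistakes the check catches.
SAMPLE_UNIT='[Service]
Type=simple
Restart=Always
ExecStart=/path/to/dnsproxy -u https://dns.adguard.com/dns-query -b 1.1.1.1:53 -p 443'

# Constructed sample of `ss -ltunp` output from a host where dnsproxy is up on 443.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:443        0.0.0.0:*         users:(("dnsproxy",pid=1234,fd=6))
tcp   LISTEN 0      4096   0.0.0.0:443        0.0.0.0:*         users:(("dnsproxy",pid=1234,fd=7))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=800,fd=3))'

if check_unit "$SAMPLE_UNIT"; then echo "unit: ok"; else echo "unit: fix the lines above"; fi
if listening_on 443 "$SAMPLE_SS"; then echo "port 443: tcp+udp bound"; else echo "port 443: not fully bound"; fi
```

Run it as sh check-dnsproxy.sh; the sample unit fails both checks, while the sample socket listing passes. After editing the real unit file, re-run check_unit on it before systemctl daemon-reload, since systemd silently ignores an invalid Restart= line rather than refusing to start the service.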