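#!/usr/bin/env bash
#######################################################################################################################
# Enable DNS over TLS (stubby) on Ubuntu 18.04 64-bit.
# Source: https://www.linuxbabe.com/ubuntu/ubuntu-stubby-dns-over-tls
#
# What it does, in order:
#   1. removes the resolvers that would compete with stubby (unbound, avahi) and
#      disables resolvconf;
#   2. installs stubby;
#   3. rewrites /etc/resolv.conf, /etc/network/interfaces, /etc/nsswitch.conf and
#      /etc/systemd/resolved.conf so every lookup goes to the local stubby
#      listener (127.0.0.1), then restarts systemd-resolved.
#
# A timestamped copy of each system file touched is saved under $HOME before
# anything is changed, so the edit can be reverted by copying it back.
#
# Requires sudo. The apt steps prompt for confirmation on purpose.
# After running: also point the router and the NetworkManager GUI at
# 127.0.0.1, then reboot. Verify with a packet capture: DNS traffic should
# appear only as TLS on port 853, with no plaintext queries on port 53.
#######################################################################################################################
set -euo pipefail

readonly STUB_ADDR='127.0.0.1'           # where stubby listens
readonly SEARCH_DOMAIN='dnsknowledge.com'
readonly -a SYSTEM_FILES=(
  /etc/resolv.conf
  /etc/nsswitch.conf
  /etc/systemd/resolved.conf
  /etc/network/interfaces
)

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

#######################################
# Copy a system file under $HOME with a timestamp suffix.
# Arguments: $1 - absolute path of the file to back up
#            $2 - timestamp string used as the suffix
#######################################
backup_file() {
  local src=$1 stamp=$2
  cp -- "$src" "$HOME/${src##*/}_${stamp}"
}

#######################################
# Install a prepared file over a system file with root privileges.
# Arguments: $1 - prepared file (inside the private scratch dir)
#            $2 - destination path under /etc
#######################################
install_file() {
  sudo cp -- "$1" "$2" || die "could not install $2"
}

main() {
  local log_time tmpdir f
  log_time=$(date '+%Y-%m-%d_%Hh%Mm%Ss')

  # Use a private, unpredictable scratch directory. The original script built
  # the new config under fixed names in /tmp (/tmp/resolv.conf.1, ...) and then
  # copied them into /etc as root; any local user could have pre-created or
  # symlinked those names. mktemp -d also removes the need for the leading
  # `rm /tmp/...` calls, which failed when the files did not exist yet.
  tmpdir=$(mktemp -d) || die "mktemp failed"
  trap 'rm -rf -- "${tmpdir:?}"' EXIT

  sudo apt purge unbound avahi-daemon

  for f in "${SYSTEM_FILES[@]}"; do
    backup_file "$f" "$log_time"
  done

  sudo service resolvconf stop
  sudo update-rc.d resolvconf remove
  sudo apt install stubby

  # Informational only: status returns non-zero when the unit is not active,
  # and grep returns 1 on no match, either of which would abort under set -e.
  systemctl --no-pager status stubby || true
  sudo netstat -lnptu | grep -E 'stubby|systemd-resolve' || true

  # /etc/resolv.conf: drop every existing nameserver line, then point at stubby.
  # grep -v exits 1 when it emits nothing (e.g. a file that was only nameservers).
  {
    grep -v nameserver /etc/resolv.conf || true
    printf 'nameserver %s\n' "$STUB_ADDR"
    # printf 'nameserver 2620:fe::fe\n'   # upstream over IPv6 (kept from source, disabled)
    printf 'domain %s\n' "$SEARCH_DOMAIN"
    printf 'options rotate\n'
  } > "$tmpdir/resolv.conf"
  install_file "$tmpdir/resolv.conf" /etc/resolv.conf
  sudo service resolvconf start

  # /etc/network/interfaces: remove the previous dns-* settings. The patterns
  # match anywhere in a line (same as the original three grep -v passes).
  {
    grep -v -E 'nameservers|search|options' /etc/network/interfaces || true
    # printf 'dns-nameservers 9.9.9.9 2620:fe::fe\n'   # direct upstream (kept from source, disabled)
    printf 'dns-nameservers %s\n' "$STUB_ADDR"
    printf 'dns-search %s\n' "$SEARCH_DOMAIN"
    printf 'dns-options rotate\n'
  } > "$tmpdir/interfaces"
  install_file "$tmpdir/interfaces" /etc/network/interfaces

  # /etc/nsswitch.conf: replace the hosts: line.
  # "dns" must remain in this line, otherwise wget (and anything else using
  # getaddrinfo) cannot resolve names.
  {
    grep -v hosts /etc/nsswitch.conf || true
    printf 'hosts: files mdns4_minimal [NOTFOUND=return] resolv dns myhostname mymachines\n'
  } > "$tmpdir/nsswitch.conf"
  install_file "$tmpdir/nsswitch.conf" /etc/nsswitch.conf

  # /etc/systemd/resolved.conf: set the DNS server to stubby and require DNSSEC.
  # `grep -v DNS` also strips the commented #DNS*= template lines, as before.
  {
    grep -v DNS /etc/systemd/resolved.conf || true
    # printf 'DNS=9.9.9.9\n'   # direct upstream (kept from source, disabled)
    printf 'DNS=%s\n' "$STUB_ADDR"
    printf 'DNSSEC=yes\n'
  } > "$tmpdir/resolved.conf"
  install_file "$tmpdir/resolved.conf" /etc/systemd/resolved.conf

  sudo systemd-resolve --flush-caches
  sudo systemctl restart systemd-resolved
  sudo systemd-resolve --flush-caches
  sudo systemd-resolve --status

  # Test DNSSEC validation with dig (the AD flag should be set for a signed zone).
  # See: https://docs.menandmice.com/display/MM/How+to+test+DNSSEC+validation
  dig pir.org +dnssec +multi
  host "$SEARCH_DOMAIN"

  # Similar functionality on mobile: "DNSCloak" (iOS), "Intra" (Android).
}

main "$@"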
How to enable new DNS over TLSv1.2 encrypted communications in Ubuntu 18.04 64-bit using a bash shell script
Posted: 2018/11/02 in Security, Ubuntu. Tags: 18.04, bash, bash shell script, dns, dnssec, DoH, encryption, Linux, script, stubby, TLS, ubuntu