Hey Everyone,
Wanted to share my implementation for setting up a local DNS over HTTPS server for my home LAN.
I’m currently running my DOH server as a VM on a Synology DS918+
Specs:
- OS: Ubuntu 18.04 LTS Base Server
- DNS Server: Unbound
- DOH Software: DNSCrypt-Proxy
- DOH Provider: CloudFlare
- Disk: 32GB HD
- RAM: 512MB
Set up your server with a static IP.
```
$ sudo add-apt-repository ppa:shevchuk/dnscrypt-proxy
$ sudo apt update
$ sudo apt -y install dnscrypt-proxy unbound
```
Add the following to /etc/unbound/unbound.conf (interface should be your server's static IP, access-control is any subnet that should have access to the DNS server):
```
server:
    do-not-query-localhost: no
    interface: x.x.x.x
    access-control: x.x.x.x/xx allow
remote-control:
    control-enable: yes
    control-interface: 127.0.0.1
    control-port: 8953
    server-key-file: "/etc/unbound/unbound_server.key"
    server-cert-file: "/etc/unbound/unbound_server.pem"
    control-key-file: "/etc/unbound/unbound_control.key"
    control-cert-file: "/etc/unbound/unbound_control.pem"
python:
forward-zone:
    name: "."
    forward-addr: 127.0.2.1@53
```
```
$ sudo unbound-control-setup
```
Add the following to /etc/dnscrypt-proxy/dnscrypt-proxy.toml:
```
server_names = ['cloudflare', 'cloudflare-ipv6']
```
Change the following in /etc/netplan/50-cloud-init.yaml (should be your server's static IP address):
```
nameservers:
  addresses:
    - x.x.x.x
```
```
$ sudo netplan apply
$ sudo service unbound start
$ sudo service dnscrypt-proxy start
```
And that’s it: all DNS queries made against this server will be sent over HTTPS to Cloudflare. You can use any DOH service you like; I chose Cloudflare as they are currently super fast, but you can swap in other providers in dnscrypt-proxy.toml.
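An added offline sanity check for the two config files above (example script, not part of the original post). It verifies that the address Unbound forwards to (`forward-addr`) is the one dnscrypt-proxy actually listens on (`listen_addresses`; the PPA package's default of `127.0.2.1:53` is assumed, and the file contents below are constructed samples mirroring the post), and it flags an `access-control` rule that would allow the whole Internet, which would turn the box into an open resolver rather than a LAN-only one.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the unbound.conf syntax
# "forward-addr: IP@PORT" and the dnscrypt-proxy.toml syntax
# "listen_addresses = ['IP:PORT']". All file contents here are constructed.

# Extract the address Unbound forwards to, normalised to IP:PORT.
unbound_forward_addr() {
    # "forward-addr: 127.0.2.1@53" -> "127.0.2.1:53"
    sed -n 's/^[[:space:]]*forward-addr:[[:space:]]*\([^@[:space:]]*\)@\([0-9]*\).*/\1:\2/p' "$1" | head -n 1
}

# Extract the first address dnscrypt-proxy listens on, as IP:PORT.
dnscrypt_listen_addr() {
    # "listen_addresses = ['127.0.2.1:53']" -> "127.0.2.1:53"
    sed -n "s/^[[:space:]]*listen_addresses[[:space:]]*=[[:space:]]*\[[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Succeed only when Unbound's forward target equals dnscrypt-proxy's listener.
forward_matches_listen() {
    fwd=$(unbound_forward_addr "$1")
    lst=$(dnscrypt_listen_addr "$2")
    [ -n "$fwd" ] && [ "$fwd" = "$lst" ]
}

# Succeed when no access-control line allows 0.0.0.0/0 or ::/0 (open resolver).
no_open_access_control() {
    ! grep -Eq '^[[:space:]]*access-control:[[:space:]]*(0\.0\.0\.0/0|::/0)[[:space:]]+allow' "$1"
}

# Write constructed sample configs (mirroring the post) into a temp dir and print its path.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/unbound.conf" <<'EOF'
server:
    do-not-query-localhost: no
    interface: 192.168.1.10
    access-control: 192.168.1.0/24 allow
forward-zone:
    name: "."
    forward-addr: 127.0.2.1@53
EOF
    cat > "$dir/dnscrypt-proxy.toml" <<'EOF'
listen_addresses = ['127.0.2.1:53']
server_names = ['cloudflare', 'cloudflare-ipv6']
EOF
    printf '%s\n' "$dir"
}

main() {
    dir=$(make_samples)
    if forward_matches_listen "$dir/unbound.conf" "$dir/dnscrypt-proxy.toml"; then
        echo "OK: unbound forwards to dnscrypt-proxy at $(dnscrypt_listen_addr "$dir/dnscrypt-proxy.toml")"
    else
        echo "MISMATCH: unbound forward-addr differs from dnscrypt-proxy listen_addresses" >&2
        exit 1
    fi
    if no_open_access_control "$dir/unbound.conf"; then
        echo "OK: no access-control rule allows the whole Internet"
    else
        echo "WARNING: access-control allows 0.0.0.0/0 or ::/0 (open resolver)" >&2
    fi
    rm -r "$dir"
}

main
```

To check a real installation, point the functions at /etc/unbound/unbound.conf and /etc/dnscrypt-proxy/dnscrypt-proxy.toml instead of the constructed samples; a mismatch between the two addresses is the most common reason Unbound starts cleanly but every query times out.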
You can test if this is working via: