Edit /etc/systemd/resolved.conf and make sure you set the following lines (notice the DNSSEC and DNSOverTLS options):
[Resolve]
#DNS=
#FallbackDNS=
#Domains=
DNSSEC=yes
DNSOverTLS=opportunistic
#MulticastDNS=no
#LLMNR=no
#Cache=no-negative
#CacheFromLocalhost=no
#DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
Then restart the services:
sudo systemctl restart systemd-resolved
sudo systemctl restart NetworkManager
My original intention with the option DNSOverTLS set to opportunistic is to support MikroTik's walled-garden Wi-Fi networks, which often hijack early connections to make sure you have logged in first. — Thanks to opinion_no9 (from https://askubuntu.com/a/1111592/647986) for the option insights!
That being said, if you're configuring your own computer that doesn't move around, maybe just set it to yes to stop pesky ISPs sniffing your juicy Tokohijau traffic.
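To see what the two modes above actually buy you, here is an added example (not part of this post or of systemd) that parses a constructed resolved.conf fragment offline and maps each DNSSEC / DNSOverTLS value to its meaning as documented in resolved.conf(5); commented keys are treated as unset, since the compiled-in distribution default then applies.

```python
"""Added example: map a resolved.conf [Resolve] section to its DNSSEC/DoT meaning
(option semantics as documented in resolved.conf(5))."""

# Constructed sample mirroring the post's recommended [Resolve] settings.
SAMPLE_CONF = """\
[Resolve]
#DNS=
DNSSEC=yes
DNSOverTLS=opportunistic
"""

MEANING = {
    "DNSOverTLS": {
        "yes": "strict: TLS only, lookups fail rather than fall back to plaintext",
        "opportunistic": "TLS if offered, else plaintext; no cert check (downgradeable)",
        "no": "plaintext DNS on port 53",
    },
    "DNSSEC": {
        "yes": "validate; lookups that fail validation are refused",
        "allow-downgrade": "validate, but silently disable if upstream lacks DNSSEC",
        "no": "no validation",
    },
}
# systemd accepts several boolean spellings; fold them onto yes/no.
BOOL_ALIASES = {"1": "yes", "true": "yes", "on": "yes", "0": "no", "false": "no", "off": "no"}


def parse_resolve_section(text: str) -> dict[str, str]:
    """Return active key=value pairs of [Resolve]. '#'/';' lines are comments, so a
    commented key stays unset (distribution default); a repeated key overrides."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Resolve" and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings


def describe(settings: dict[str, str]) -> dict[str, str]:
    """Explain the privacy impact of each option as configured."""
    out = {}
    for key, table in MEANING.items():
        if key not in settings:
            out[key] = "unset: distribution default applies"
            continue
        v = settings[key].lower()
        out[key] = table.get(BOOL_ALIASES.get(v, v), f"unknown value {v!r}")
    return out
```

Run describe(parse_resolve_section(open("/etc/systemd/resolved.conf").read())) on a real machine to confirm that opportunistic mode still leaves a plaintext fallback, which is exactly the trade-off the post describes.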
References:
- https://medium.com/@jawadalkassim/enable-dns-over-tls-in-linux-using-systemd-b03e44448c1c
- https://askubuntu.com/q/1092498/647986
- https://www.ubuntubuzz.com/2022/04/enable-browsing-with-dns-over-tls-dot-on-ubuntu-made-easy.html
Issues to track:
- DoH support for systemd: https://github.com/systemd/systemd/issues/8639