DNS-over-TLS on the PinePhone
2023 March 4
As before, let's set up DNS-over-TLS, but this time on Mobian on the PinePhone.
Mobian uses systemd-resolved by default, which makes this pretty easy. I just edited /etc/systemd/resolved.conf and changed the following:
    DNS=188.8.131.52#dns.quad9.net,2620:fe::fe#dns.quad9.net
    FallbackDNS=184.108.40.206#dns.quad9.net,2620:fe::9#dns.quad9.net
    DNSSEC=yes
    DNSOverTLS=yes
I restarted systemd-resolved and NetworkManager, and everything seems to be working fine so far!
(Note, I did enable DNSSEC, but you may not want to. That's up to you.)
You can run resolvectl to check your DNS configuration. Per the Arch Wiki's recommendation, I checked that this setup was working using ngrep. In terminal 1:
sudo ngrep port 53
In terminal 2:
sudo ngrep port 853
In terminal 3:
Terminal 1 does not output anything in response to the dig command. Terminal 2 shows encrypted data.
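A static check of the same resolved.conf settings, to go alongside the packet capture. This is an added example, not part of the original post: the helper name check_dot_conf and its warn/fail policy are assumptions of the example. It flags any DNSOverTLS value other than strict mode and any server entry without the #server_name suffix that systemd-resolved uses for certificate validation.

```shell
#!/bin/sh
# check_dot_conf FILE: audit a resolved.conf-style file for strict DNS-over-TLS.
# Prints one line per finding; returns 0 when nothing is flagged, 1 otherwise.
check_dot_conf() {
    conf=$1
    rc=0
    # Commented-out lines are skipped; the last DNSOverTLS= assignment wins.
    mode=$(sed -n 's/^[[:space:]]*DNSOverTLS[[:space:]]*=//p' "$conf" \
        | tail -n 1 | tr -d '[:space:]')
    case $mode in
        yes|true|on|1) ;;  # strict mode: queries are never sent unencrypted
        opportunistic)
            echo "WARN: DNSOverTLS=opportunistic falls back to plaintext if TLS is unavailable"
            rc=1 ;;
        *)
            echo "FAIL: DNSOverTLS is '${mode:-unset}', expected yes"
            rc=1 ;;
    esac
    # Gather servers from DNS= and FallbackDNS= (DNSSEC= and friends do not match).
    # Commas are treated as separators too, since the page's line uses them.
    servers=$(sed -n 's/^[[:space:]]*\(Fallback\)\{0,1\}DNS[[:space:]]*=//p' "$conf" | tr ',' ' ')
    [ -n "$servers" ] || { echo "FAIL: no DNS= or FallbackDNS= servers set"; rc=1; }
    for s in $servers; do
        case $s in
            *'#'?*) ;;  # address#name: certificate is validated against name
            *)
                echo "WARN: $s has no #server_name, certificate is matched on IP only"
                rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: the settings from this page, one per line.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
DNS=188.8.131.52#dns.quad9.net,2620:fe::fe#dns.quad9.net
FallbackDNS=184.108.40.206#dns.quad9.net,2620:fe::9#dns.quad9.net
DNSSEC=yes
DNSOverTLS=yes
EOF
check_dot_conf "$SAMPLE" && echo "OK: strict DoT, every server has a certificate name"
```

On a real system, point it at /etc/systemd/resolved.conf; drop-in files under resolved.conf.d are not read by this example.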