I have been using DNS over HTTPS (DoH) for about as long as it has been possible on Firefox Nightly. At first it was out of idle curiosity as to how the protocol worked, but with my recent issues with residential DNS, I began to use it as my only DNS resolution method on my laptop. This week, however, partly spurred on by the increasing politicisation of DNS, a phrase that no man should have to write, I have set up my own DNS over HTTPS server.
The server is simply a combination of nginx to talk HTTP, dns-over-https to translate the HTTP requests into DNS queries, and unbound to do the actual DNS resolution, with LetsEncrypt on top to add the S to HTTP and complete the protocol.
The server operates with the following conditions:
- No logging, other than of cumulative aggregated statistics for load measurement.
- It’s not a forwarder; it performs DNS resolution itself.
- DNSSEC is not enabled. It might be in the future.
- Adblock is not enabled. I have no immediate plans to enable it as I think this is something better enforced at a user-specific level.
I am reasonably committed to maintaining this resolver unless the cost of maintenance, in terms of either money or time, becomes exceptionally high. I’m not sure exactly what that threshold is yet.
If you would like to use my resolver, its URL is https://doh.li/dns-query. Instructions for setup on Firefox can be found here.
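The post describes the resolver as an HTTP front end that turns DoH requests into ordinary DNS queries, and the quickest way to confirm that a deployment like this actually works is to speak the protocol yourself. The script below is an added example, not code from the post or from the nginx, dns-over-https or unbound projects: it builds a DNS wire-format query, sends it as an RFC 8484 GET (base64url-encoded dns= parameter) or POST (application/dns-message body), and parses the answer section of the reply. The default URL is the one given in the post; the sample response used for the self-check is constructed here and the address in it is made up. It assumes only the Python standard library.

```python
import base64
import struct
import urllib.request

DOH_URL = "https://doh.li/dns-query"  # resolver URL from the post

# DNS record types handled when decoding answers
TYPE_A = 1
TYPE_AAAA = 28


def build_query(name: str, qtype: int = TYPE_A, txid: int = 0) -> bytes:
    """Build a minimal RFC 1035 query with the RD bit set.
    RFC 8484 suggests a transaction ID of 0 so that identical queries
    produce identical HTTP requests and can be cached by intermediaries."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def encode_get_param(query: bytes) -> str:
    """base64url without '=' padding, as required for the dns= GET parameter."""
    return base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")


def _read_name(msg: bytes, off: int) -> tuple[str, int]:
    """Decode a (possibly compressed) domain name; return (name, next offset)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end


def parse_response(msg: bytes) -> dict:
    """Return the RCODE and the answer records of a DNS response message."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rdlen == 4:
            data = ".".join(str(b) for b in rdata)
        elif rtype == TYPE_AAAA and rdlen == 16:
            data = ":".join(f"{(rdata[i] << 8) | rdata[i + 1]:x}" for i in range(0, 16, 2))
        else:
            data = rdata.hex()
        answers.append({"name": name, "type": rtype, "ttl": ttl, "data": data})
    return {"rcode": flags & 0x0F, "answers": answers}


def doh_query(url: str, name: str, qtype: int = TYPE_A, method: str = "POST") -> dict:
    """Send one DoH query (RFC 8484 GET or POST) and return the parsed response."""
    query = build_query(name, qtype)
    headers = {"Accept": "application/dns-message"}
    if method == "GET":
        req = urllib.request.Request(url + "?dns=" + encode_get_param(query), headers=headers)
    else:
        headers["Content-Type"] = "application/dns-message"
        req = urllib.request.Request(url, data=query, method="POST", headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        ctype = resp.headers.get("Content-Type", "")
        if not ctype.startswith("application/dns-message"):
            raise ValueError(f"unexpected Content-Type from resolver: {ctype}")
        return parse_response(resp.read())


# Constructed sample reply (QR+RD+RA set, one A answer using a compression
# pointer back to the question name); the address is made up for the self-check.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack("!HH", TYPE_A, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 3600, 4) + bytes([93, 184, 216, 34])
)

if __name__ == "__main__":
    print(parse_response(SAMPLE_RESPONSE))          # offline self-check
    print(doh_query(DOH_URL, "example.com", method="GET"))
    print(doh_query(DOH_URL, "example.com", method="POST"))
```

Running both methods against a fresh deployment is a useful check that nginx is passing both GET and POST on the /dns-query path through to the DoH daemon and that the reply comes back with the right Content-Type; a non-zero rcode or an empty answer list for a name that should resolve points at the unbound side rather than the HTTP side.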
In the long term, there is other work I would like to do around easier deployment of DoH infrastructure and better visibility into my own resolver, which will hopefully become blog posts of their own!
Any questions or comments, please email me.