DoH Tutorial Walk Through

Part 1: Architecture, Dnscrypt-Proxy, Configuration

Photo by Dayne Topkin on Unsplash

Introduction / Overview

Every since I have heard about the DoH (DNS over HTTPS) server on Linux Action News, I’ve wanted to set one up myself and also work on some other monitoring tools to as well. I like to document running through these tutorials and drill down into the hick-ups along the way because there are always hick-ups. I find that the best learning happens when things don’t work as planned. In the process of finding out why something is not working you also learn so many other things along the way.

For this tutorial I am following instructions from Antoine Aflalo’s page. It is very well laid out and easy to follow. In my setup I decided to use the Debian 9 (Stretch) and am hosting in AWS.

Installation

The simple installation of dnscrypt works just fine. As soon as I get to the configuration I run into issues. The command sudo add-apt-repository shows as not found (this is to use PPA to install programs). So I investigated why that is so. It turns out that the package add-apt-repository is not automatically installed on Debian or Ubuntu and in order to use this method of installation you must first install that package. A simple Google search reveals the command needed to install the package. And it is NOT sudo apt install add-apt-repository. The actual command to install the package is sudo apt-get install software-properties-common. You can find an explanation of why that is here.

Configuration

After installation I was unable able to locate the .toml file mentioned in the tutorial. As a result I went back to review the installation using PPA and noticed the following output:

gpg:failed to start the dirmngr'/usr/bin/dirmngr': No such file or directory
…….

gpg:keyserver receive failed: No dirmngr

From a quick Google search I have also realized that dirmngr needs to be installed as well. The command for that is as follows sudo apt-get install dirmngr --install-recommends Now when we run the command sudo add-apt repository ppa:shevchuk/dnscrypt-proxy the output returns the following:

gpg: keybox ‘/tmp/tmpxxxxxx/pubring.gpg’ created
gpg: /tmp/tmpxxxxxx/trustdb.gpg: trustdb created
gpg: key xxxxxxxxxx: public key “Launchpad PPA for Andrei Shevchuk” imported
gpg: Total number processed: 1

After executing this command, I still did not locate the .toml file so I pulled the repository into my user folder and used nano to edit and rename the .toml file and then to /etc/dnscrypt-proxy/

After editing the file and renaming it to “dnscrypt-proxy.toml” move the file to the appropriate directory and then verify that it has been moved.

sudo mv dnscrypt-proxy.toml /etc/dnscrypt-proxy/

ls /etc/dnscrypt-proxy/

Once the file has been moved, restart the service.

sudo systemctl restart dnscrypt-proxy

Recap

If you are using this tutorial and using Debian or Ubuntu, I would add the following commands before beginning your installation:

  • sudo apt-get install software-properties-common
  • sudo apt-get install dirmngr --install-recommends

It the next part of this article we will go through install and setup of the DNS-over-HTTPS server.