{"id":2169,"date":"2018-10-05T20:25:47","date_gmt":"2018-10-05T11:25:47","guid":{"rendered":"http:\/\/matoken.org\/blog\/?p=2169"},"modified":"2018-10-05T20:25:47","modified_gmt":"2018-10-05T11:25:47","slug":"using-dns-over-https-on-linux","status":"publish","type":"post","link":"https:\/\/matoken.org\/blog\/2018\/10\/05\/using-dns-over-https-on-linux\/","title":{"rendered":"Using DNS-over-HTTPS on Linux"},"content":{"rendered":"<div id=\"__asciidoctor-preview-1__\" class=\"paragraph\">\n<p>DNS-over-HTTPS has become easy to use on Android.<\/p>\n<\/div>\n<div id=\"__asciidoctor-preview-2__\" class=\"ulist\">\n<ul>\n<li>\n<p><a href=\"https:\/\/matoken.org\/blog\/2018\/10\/05\/try-intra-a-bit-to-make-dns-over-https-compatible-with-android-4-0-or-later\/\">Trying out Intra, which adds DNS-over-HTTPS support to Android 4.0 and later \u2013 matoken\u2019s meme<\/a><\/p>\n<\/li>\n<\/ul>\n<\/div>\n<div id=\"__asciidoctor-preview-3__\" class=\"paragraph\">\n<p>Wondering how things stand on Linux, I tried the `dns-over-https` project below. I tested on Debian sid amd64 here, but the official instructions cover Ubuntu 18.04 LTS and macOS.<\/p>\n<\/div>\n<div id=\"__asciidoctor-preview-4__\" class=\"ulist\">\n<ul>\n<li>\n<p><a href=\"https:\/\/github.com\/m13253\/dns-over-https\">m13253\/dns-over-https: High performance DNS over HTTPS client &amp; server<\/a><\/p>\n<\/li>\n<li>\n<p><a href=\"https:\/\/dns-over-https.com\/setup\/\">Setup Guide &#8211; DNS-over-HTTPS.com<\/a><\/p>\n<\/li>\n<\/ul>\n<\/div>\n<div id=\"__asciidoctor-preview-5__\" class=\"listingblock\">\n<div class=\"title\">Installation example<\/div>\n<div 
class=\"content\">\n<pre>$ sudo apt install git golang\r\n$ git clone https:\/\/github.com\/m13253\/dns-over-https.git\r\n$ cd dns-over-https\r\n$ make\r\n$ sudo checkinstall<\/pre>\n<\/div>\n<\/div>\n<div id=\"__asciidoctor-preview-6__\" class=\"listingblock\">\n<div class=\"title\">The default server is <a href=\"https:\/\/dns.google.com\/\">Google Public DNS<\/a>. To change it, edit the configuration file ( <code style=\"font-family: monospace;\">\/etc\/dns-over-https\/doh-client.conf<\/code> ).<\/div>\n<div class=\"content\">\n<pre>$ sudo edit \/etc\/dns-over-https\/doh-client.conf<\/pre>\n<\/div>\n<\/div>\n<div id=\"__asciidoctor-preview-7__\" class=\"listingblock\">\n<div class=\"title\">Example configuration for using CleanBrowsing's security filter<\/div>\n<div class=\"content\">\n<pre>diff --git a\/dns-over-https\/doh-client.conf b\/dns-over-https\/doh-client.conf\r\nindex 3b5de14..1791397 100644\r\n--- a\/dns-over-https\/doh-client.conf\r\n+++ b\/dns-over-https\/doh-client.conf\r\n@@ -11,7 +11,7 @@ listen = [\r\n upstream_google = [\r\n\r\n     # Google's productive resolver, good ECS, bad DNSSEC\r\n-    \"https:\/\/dns.google.com\/resolve\",\r\n+    #\"https:\/\/dns.google.com\/resolve\",\r\n\r\n     # CloudFlare's resolver, bad ECS, good DNSSEC\r\n     #\"https:\/\/cloudflare-dns.com\/dns-query\",\r\n@@ -39,6 +39,9 @@ upstream_ietf = [\r\n     # Blog: https:\/\/blog.cloudflare.com\/welcome-hidden-resolver\/\r\n     #\"https:\/\/dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion\/dns-query\",\r\n\r\n+    # CleanBrowsing https:\/\/cleanbrowsing.org\/dnsoverhttps\r\n+    \"https:\/\/doh.cleanbrowsing.org\/doh\/security-filter\/\"\r\n+\r\n ]\r\n\r\n # Bootstrap DNS server to resolve the address of the upstream 
resolver<\/pre>\n<\/div>\n<\/div>\n<div id=\"__asciidoctor-preview-8__\" class=\"listingblock\">\n<div class=\"title\">Start<\/div>\n<div class=\"content\">\n<pre>$ sudo systemctl restart doh-client<\/pre>\n<\/div>\n<\/div>\n<div id=\"__asciidoctor-preview-9__\" class=\"listingblock\">\n<div class=\"title\">Confirm that names resolve<\/div>\n<div class=\"content\">\n<pre>$ dig @127.0.0.1 | grep SERVER\r\n;; SERVER: 127.0.0.1#53(127.0.0.1)<\/pre>\n<\/div>\n<\/div>\n<div id=\"__asciidoctor-preview-10__\" class=\"listingblock\">\n<div class=\"title\">trace<\/div>\n<div class=\"content\">\n<pre>$ dig +trace matoken.org @127.0.0.1\r\n\r\n; &lt;&lt;&gt;&gt; DiG 9.11.4-P2-3-Debian &lt;&lt;&gt;&gt; +trace matoken.org @127.0.0.1\r\n;; global options: +cmd\r\n.                       24820   IN      NS      m.root-servers.net.\r\n.                       24820   IN      NS      b.root-servers.net.\r\n.                       24820   IN      NS      c.root-servers.net.\r\n.                       24820   IN      NS      d.root-servers.net.\r\n.                       24820   IN      NS      e.root-servers.net.\r\n.                       24820   IN      NS      f.root-servers.net.\r\n.                       24820   IN      NS      g.root-servers.net.\r\n.                       24820   IN      NS      h.root-servers.net.\r\n.                       24820   IN      NS      i.root-servers.net.\r\n.                       24820   IN      NS      j.root-servers.net.\r\n.                       24820   IN      NS      a.root-servers.net.\r\n.                       24820   IN      NS      k.root-servers.net.\r\n.                       24820   IN      NS      l.root-servers.net.\r\n;; Received 239 bytes from 127.0.0.1#53(127.0.0.1) in 1334 ms\r\n\r\norg.                    172800  IN      NS      a0.org.afilias-nst.info.\r\norg.                    172800  IN      NS      a2.org.afilias-nst.info.\r\norg.                    
172800  IN      NS      b0.org.afilias-nst.org.\r\norg.                    172800  IN      NS      b2.org.afilias-nst.org.\r\norg.                    172800  IN      NS      c0.org.afilias-nst.info.\r\norg.                    172800  IN      NS      d0.org.afilias-nst.org.\r\norg.                    86400   IN      DS      9795 7 1 364DFAB3DAF254CAB477B5675B10766DDAA24982\r\norg.                    86400   IN      DS      9795 7 2 3922B31B6F3A4EA92B19EB7B52120F031FD8E05FF0B03BAFCF9F891B FE7FF8E5\r\norg.                    86400   IN      RRSIG   DS 8 1 86400 20181018050000 20181005040000 2134 . bYogBWKVV1SnjoHjS5LnLBE1mWC6UwkYT6muOjcHnuMNzJM1DY3YhSCT d9QOYlvvprUyD37xYIQ10BUZQ8hcNpnQ2TPUTNzd621lsqth6QK8zDN6 eP5AvZXlPy+9wni71rJIHy1wzepn9yrh3jp70zZhnEVxxgItWaYzsayY Jf+UfFQPmOKX0gn0GqcQ09CSZHdZhwbUT2AT1Rs0atkj6VaOy2TT1aQ1 gAtGF+5uA4uqLJegiEe\/zneTeyuNE5QDQWKUNaeWEDE9kxylhv6m\/3vE tQ8EHFpzOL9x+ed25LNcnRXH8K\/xCW43R1FyaVNaA6xcsvGHCysqLneI v\/RYMQ==\r\n;; Received 813 bytes from 193.0.14.129#53(k.root-servers.net) in 210 ms\r\n\r\nmatoken.org.            86400   IN      NS      ns-cloud-d2.googledomains.com.\r\nmatoken.org.            86400   IN      NS      ns-cloud-d4.googledomains.com.\r\nmatoken.org.            86400   IN      NS      ns-cloud-d1.googledomains.com.\r\nmatoken.org.            86400   IN      NS      ns-cloud-d3.googledomains.com.\r\nh9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86400 IN NSEC3 1 1 1 D399EAAB H9PARR669T6U8O1GSG9E1LMITK4DEM0T NS SOA RRSIG DNSKEY NSEC3PARAM\r\nh9p7u7tr2u91d0v0ljs9l1gidnp90u3h.org. 86400 IN RRSIG NSEC3 7 2 86400 20181026101800 20181005091800 1862 org. edCrqcIYiHlMMzuacuX0DlobcQkymqClpK5C4QLzsNWtvp942bFRjbb2 WDX\/6TsHO0noBNoKH2i+TU70WqpW7sVsXbjV9nkeLMZjxz\/VLyAJOXWk 2ITvZwhjbe96lCSAIafm824pBx94ruieKZ2Yj8pYTBIrhDBoffjPhuem 44k=\r\na85qqkk8n39d1c6m55g8ucjhm6u3jjcs.org. 86400 IN NSEC3 1 1 1 D399EAAB A86TS1MQ34BR2A3D3CT8D5SCHKAPPBPJ NS DS RRSIG\r\na85qqkk8n39d1c6m55g8ucjhm6u3jjcs.org. 
86400 IN RRSIG NSEC3 7 2 86400 20181022152743 20181001142743 1862 org. G15dhaW+53QBX9nTtsIUCnSRrMO0FCkQJE3jydb6hmRQEA328trp9OqK 6fuvl+RZBhBFeMeJV1Tz0Uezp9YvymfRWwdHiiFFLy3KBt5cTZJUXxTZ jXnMT9PoHZcIVJzN65vqQHDI2MzWYoQYr1WoKmJxOC5FQzFctZElyzEq fNQ=\r\n;; Received 654 bytes from 199.19.56.1#53(a0.org.afilias-nst.info) in 217 ms\r\n\r\nmatoken.org.            120     IN      A       153.121.44.87\r\n;; Received 56 bytes from 216.239.38.109#53(ns-cloud-d4.googledomains.com) in 388 ms<\/pre>\n<\/div>\n<\/div>\n<div id=\"__asciidoctor-preview-11__\" class=\"paragraph\">\n<p>Try a packet capture<\/p>\n<\/div>\n<div id=\"__asciidoctor-preview-12__\" class=\"ulist\">\n<ul>\n<li>\n<p>Regular DNS<\/p>\n<\/li>\n<\/ul>\n<\/div>\n<div id=\"__asciidoctor-preview-13__\" class=\"listingblock\">\n<div class=\"title\"><code style=\"font-family: monospace;\">dig 2quepghecPeuj.matoken.org<\/code><\/div>\n<div class=\"content\">\n<pre>$ sudo tcpdump -n -nn -t -l -A -s0 2&gt;\/dev\/null | grep 2quepghecPeuj.matoken.org\r\nIP 192.168.2.203.49026 &gt; 192.168.2.211.53: 49901+ [1au] A? 2quepghecPeuj.matoken.org. (66)\r\nE..^.,..@.0t...........5.J..... .........2quepghecPeuj.matoken.org.......).........\r\nE...z.@.@.8f.........5...w............. .2quepghecPeuj.matoken.org..............x...y,W........2....ns-cloud-d2.googledomains.com.........2....ns-cloud-d4.S........2....ns-cloud-d1.S........2....ns-cloud-d3.S.........d.... m.G.......+....\"m.........D....$m.r......#P....&amp;m............ .H`H..2.......m.G......+W.. .H`H..4.......m............ .H`H..6.......m.r......Ov.. 
.H`H..8.......m..)........\r\n^C<\/pre>\n<\/div>\n<\/div>\n<div id=\"__asciidoctor-preview-14__\" class=\"ulist\">\n<ul>\n<li>\n<p>DNS over HTTPS<\/p>\n<\/li>\n<\/ul>\n<\/div>\n<div id=\"__asciidoctor-preview-15__\" class=\"paragraph\">\n<p>The name does not appear in the capture<\/p>\n<\/div>\n<div id=\"__asciidoctor-preview-16__\" class=\"listingblock\">\n<div class=\"title\"><code style=\"font-family: monospace;\">dig 2quepghecPeuj.matoken.org @127.0.0.1<\/code><\/div>\n<div class=\"content\">\n<pre>$ sudo tcpdump -n -nn -t -l -A -s0 2&gt;\/dev\/null | grep 2quepghecPeuj.matoken.org\r\n^C<\/pre>\n<\/div>\n<\/div>\n<div id=\"__asciidoctor-preview-17__\" class=\"paragraph\">\n<p>On the loopback interface, the query is visible before it is converted to HTTPS<\/p>\n<\/div>\n<div id=\"__asciidoctor-preview-18__\" class=\"listingblock\">\n<div class=\"title\"><code style=\"font-family: monospace;\">dig 2quepghecPeuj.matoken.org @127.0.0.1<\/code><\/div>\n<div class=\"content\">\n<pre>$ sudo tcpdump -i lo -n -nn -t -l -A -s0 2&gt;\/dev\/null | grep 2quepghecPeuj.matoken.org\r\nIP 127.0.0.1.52265 &gt; 127.0.0.1.53: 25766+ [1au] A? 2quepghecPeuj.matoken.org. (66)\r\nE..^C...@.8..........).5.J.]d.. 
.........2quepghecPeuj.matoken.org.......).........\r\nE..bD(@.@..`.........5.).N.ad............2quepghecPeuj.matoken.org..............w...y,W..)........\r\n^C<\/pre>\n<\/div>\n<\/div>\n<div id=\"__asciidoctor-preview-19__\" class=\"listingblock\">\n<div class=\"title\">Make it persistent<\/div>\n<div class=\"content\">\n<pre>$ sudo systemctl enable doh-client<\/pre>\n<\/div>\n<\/div>\n<div id=\"__asciidoctor-preview-20__\" class=\"paragraph\">\n<p>After that, specify <code style=\"font-family: monospace;\">127.0.0.1<\/code> as the DNS server in <code style=\"font-family: monospace;\">\/etc\/network\/interfaces<\/code> or NetworkManager.<\/p>\n<\/div>\n<div id=\"__asciidoctor-preview-21__\" class=\"listingblock\">\n<div class=\"title\">Environment<\/div>\n<div class=\"content\">\n<pre>$ dpkg-query -W git golang dnsutils\r\ndnsutils        1:9.11.4.P2+dfsg-3\r\ngit     1:2.19.0-1\r\ngolang  2:1.10~5\r\n$ lsb_release -d\r\nDescription:    Debian GNU\/Linux unstable (sid)\r\n$ uname -m\r\nx86_64<\/pre>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>DNS-over-HTTPS has become easy to use on Android. Trying out Intra, which adds DNS-over-HTTPS support to Android 4.0 and later \u2013 matoken\u2019s meme Li 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"webmentions_disabled_pings":false,"webmentions_disabled":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":4,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[7,6,199],"tags":[386,420],"class_list":["post-2169","post","type-post","status-publish","format-standard","hentry","category-debian-linux","category-linux","category-sid","tag-dns","tag-dns-over-https"],"_links":{"self":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts\/2169","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/comments?post=2169"}],"version-history":[{"count":0,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts\/2169\/revisions"}],"wp:attachment":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/media?parent=2169"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/categories?post=2169"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/tags?post=2169"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}