
Setup Global Dns Over Https On Arch Linux

linux doh

Want to encrypt all of your DNS traffic with DNS over HTTPS (DoH) on Arch Linux? Here’s a straightforward way to set it up with the dns-over-https package, using a dummy network interface for the case where 127.0.0.1:53 is already taken by another service.

  1. Install the DNS-over-HTTPS Package

First, install the DoH client:

sudo pacman -Sy dns-over-https

  2. Create a Dummy Network Interface

Since 127.0.0.1:53 might already be in use by another service, we’ll bind the DoH client to a dummy network interface with its own IP addresses instead. Follow this guide if you haven’t set one up yet.

  3. Configure DNS-over-HTTPS

Edit the DoH client configuration:

sudo nano /etc/dns-over-https/doh-client.conf

Update the listen addresses so that the DoH client binds only to your dummy interface IPs (10.10.10.10 and 2001:db8::10 in this example), not to a wildcard or LAN-facing address:

listen = [
    "[2001:db8::10]:53",
    "[2001:db8::10]:5380",
    "10.10.10.10:53",
    "10.10.10.10:5380",
]

  4. Adjust Your Firewall

Before starting the DoH service, update your firewalld configuration so that the dummy interface is in the internal zone and DNS is allowed there:

Move dummy0 to the internal zone:

sudo firewall-cmd --zone=internal --change-interface=dummy0 --permanent

Allow DNS (port 53/udp) on the internal zone:

sudo firewall-cmd --zone=internal --add-port=53/udp --permanent

Reload firewalld to apply the changes:

sudo firewall-cmd --reload

  5. Enable and Start the DoH Client

Start the DoH service and enable it at boot:

sudo systemctl enable --now doh-client.service
sudo systemctl status doh-client.service

Check the status output to confirm the service is active and the log shows no bind or upstream errors.

  6. Update Your System DNS

Update your network connection to use 10.10.10.10 (your dummy interface IP) as the DNS server, then reconnect. From now on, every DNS query from the system goes through the local DoH client and leaves the machine over HTTPS.
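The steps above leave one thing a practitioner wants to verify: that the resolver is bound only to the dummy interface (or loopback) and not accidentally exposed to the LAN, and that the pieces actually fit together once the service is running. The script below is an added example, not part of the original post or of the dns-over-https project. It parses the `listen = [ ... ]` block in the format shown above, rejects any listen host outside an allow-list, and includes an opt-in `--live` mode that checks the real config, the listening socket, the firewalld zone of `dummy0` and a query through 10.10.10.10. The dummy IPs, the zone name and the config path are taken from the post; `dig`, `ss` and `firewall-cmd` are assumed to be installed, and the sample configs it writes are constructed for demonstration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): verify that doh-client only
# listens on the dummy interface / loopback, plus optional live checks.

# Write a constructed sample doh-client.conf to $1 listening on the given
# hosts, on ports 53 and 5380 as in the post. IPv6 hosts get bracketed.
write_conf() {
    local path="$1"; shift
    {
        echo '# constructed sample doh-client.conf (example only)'
        echo 'listen = ['
        for h in "$@"; do
            case "$h" in
                *:*) echo "    \"[$h]:53\","; echo "    \"[$h]:5380\"," ;;
                *)   echo "    \"$h:53\"";   echo "    \"$h:5380\"," ;;
            esac
        done
        echo ']'
    } > "$path"
}

# Print the host part of every entry in the listen = [ ... ] block of $1.
# Handles "10.10.10.10:53" and "[2001:db8::10]:53" forms.
listen_hosts() {
    sed -n '/^listen = \[/,/^\]/p' "$1" \
      | grep -o '"[^"]*"' \
      | tr -d '"' \
      | sed -E 's/^\[([^]]+)\]:[0-9]+$/\1/; s/^([0-9.]+):[0-9]+$/\1/'
}

# Return 0 when every listen host of config $1 is in the allow-list given
# as the remaining arguments; 1 if any host is unexpected or none found.
check_listen_addrs() {
    local cfg="$1"; shift
    local hosts host allowed ok rc=0
    hosts=$(listen_hosts "$cfg")
    if [ -z "$hosts" ]; then
        echo "no listen addresses found in $cfg" >&2
        return 1
    fi
    for host in $hosts; do
        ok=0
        for allowed in "$@"; do
            [ "$host" = "$allowed" ] && ok=1 && break
        done
        if [ "$ok" -eq 0 ]; then
            echo "unexpected listen address in $cfg: $host" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Live checks against the running system. Only run with --live; assumes the
# paths, IPs and zone from the post and that dig, ss and firewall-cmd exist.
live_check() {
    check_listen_addrs /etc/dns-over-https/doh-client.conf \
        10.10.10.10 2001:db8::10 127.0.0.1 ::1 || return 1
    ss -lun | grep -qw '10.10.10.10:53' \
        || { echo "doh-client is not listening on 10.10.10.10:53" >&2; return 1; }
    [ "$(firewall-cmd --get-zone-of-interface dummy0)" = "internal" ] \
        || { echo "dummy0 is not in the internal zone" >&2; return 1; }
    dig +short @10.10.10.10 example.com >/dev/null \
        || { echo "query via 10.10.10.10 failed" >&2; return 1; }
    echo "all live checks passed"
}

case "${1:-}" in
    --live) live_check ;;
esac
```

Run it as `bash check-doh.sh --live` after step 6; without the flag it only defines the functions, so it can be sourced to check a config file before the service is (re)started. The allow-list is deliberately explicit: a listen entry such as `0.0.0.0:53` would turn the host into an open resolver for anyone who can reach it, which is exactly what the dummy-interface approach is meant to avoid.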