Firefox DOH with dnscrypt-proxy, Let's Encrypt and nextdns.io

This gist explains how to set up DOH for Firefox using dnscrypt-proxy and nextdns.io.

Get a Linux server with a static IP (a DO droplet would work). Download and install dnscrypt-proxy. Edit dnscrypt-proxy.toml (see wiki):

[local_doh]
listen_addresses = ['123.456.789.1:3000']
path = "/dns-query"
cert_file = "fullchain.pem"
cert_key_file = "privkey.pem"
...
[static]

  [static.'myserver']
  stamp = 'sdns:copy_from_nextdns.io'

Set up a domain (example.com) to point to this server (123.456.789.1) and get a certificate (fullchain.pem, privkey.pem) from Let's Encrypt. I used certbot with the DNS challenge:

sudo certbot certonly --manual --preferred-challenges dns

Test that the dnscrypt-proxy DOH server is running by going to https://example.com:3000/dns-query. You should see something like:

dnscrypt-proxy local DoH server

Now configure Firefox to use https://example.com:3000/dns-query as the DOH server. Check with dnsleaktest.com: all queries should point to nextdns.io.

It is also possible to configure DNSfilter on Android to use this address. Use this line in the DNSfilter configuration:

123.456.789.1:3000::3000:DOH::https://example.com:3000/dns-query

Again, check with dnsleaktest.com.

Have fun!

sanfx commented Sep 25, 2020

What IP is this 123.456.789.1?

Author

afonari commented Sep 25, 2020

> What IP is this 123.456.789.1?

This is the IP at which the machine is reachable, with ssh for example.

sanfx commented Sep 25, 2020

I see, the machine which is running dnscrypt-proxy!
