This gist explains how to set up DoH for Firefox using dnscrypt-proxy and nextdns.io.
Get a Linux server with a static IP (a DO droplet would work). Download and install dnscrypt-proxy.
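Edit dnscrypt-proxy.toml (see wiki):
```
[local_doh]
# 123.456.789.1 is a placeholder, not a valid IPv4 address; use your server's static IP
listen_addresses = ['123.456.789.1:3000']
path = "/dns-query"
# Certificate chain and private key obtained from Let's Encrypt
cert_file = "fullchain.pem"
cert_key_file = "privkey.pem"
...
[static]
[static.'myserver']
# Paste the sdns:// stamp shown in your nextdns.io account
stamp = 'sdns:copy_from_nextdns.io'
```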
Set up a domain (example.com) to point to this server (123.456.789.1), and get a certificate (fullchain.pem, privkey.pem) from Let's Encrypt. I used certbot with the DNS challenge:
```
sudo certbot certonly --manual --preferred-challenges dns
```
Test that the dnscrypt-proxy DoH server is running by going to https://example.com:3000/dns-query. You should see something like:
```
dnscrypt-proxy local DoH server
```
Now configure Firefox to use https://example.com:3000/dns-query as the DoH server. Check with dnsleaktest.com. All queries should point to nextdns.io.
It is also possible to configure DNSfilter on Android to use this address. Use this line in the DNSfilter configuration:
```
123.456.789.1:3000::3000:DOH::https://example.com:3000/dns-query
```
Again check with dnsleaktest.com.
Have fun!
What IP is this 123.456.789.1?