systemd-resolved dns over https (doh) with custom port and domain

I want to use dns over https (doh) on my system (Ubuntu 22 LTS) and connect to a server (smartSNI) which is listening on port 9443, but the DNS resolution doesn’t work correctly.

resolvectl --version returns systemd 249 (249.11-0ubuntu3.12); I think it should support DoH.

The /etc/systemd/resolved.conf:

[Resolve]
DNS=xxx.xxx.xxx.xxx:9443#subdomain.domain.com/dns-query
DNSOverTLS=yes

The /etc/resolv.conf contains this line: nameserver 127.0.0.53

After systemctl restart systemd-resolved.service, my DNS resolving doesn't work correctly. What should I do?

Asked By: Omid Estaji


systemd-resolved does not support DNS over HTTPS yet.

You can use DNS over TLS, but it’s not the HTTP protocol format and uses port 853:

# /etc/systemd/resolved.conf
[Resolve]
DNS=8.8.8.8#dns.google
FallbackDNS=8.8.4.4#dns.google
Domains=~.
DNSSEC=yes
DNSOverTLS=yes

If you really need DNS over the HTTPS protocol (port 443 or any other port), you can explore dnsmasq.

Answered By: Daniel T
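As an added example (not code from the question or the answer), a small Python checker for the server syntax that systemd-resolved 249 accepts on DNS= and FallbackDNS= lines; it flags the URL path in the question's entry, which resolved has no field for. The sample configs and the 192.0.2.10 address are constructed to mirror the question's and the answer's entries.

```python
from __future__ import annotations
import ipaddress
import re

# Shape of one server in a DNS= line of resolved.conf (systemd 249):
#   IPv4  a.b.c.d[:port][%ifname][#servername]
#   IPv6  x::y[%ifname][#servername]  or  [x::y]:port[%ifname][#servername]
# The text after '#' is only the TLS server name (SNI / certificate check);
# a URL path such as /dns-query has no meaning here, because resolved speaks
# DNS over TLS (port 853 by default), not DNS over HTTPS.
_ENTRY = re.compile(
    r"^(?:\[(?P<ip6>[^\]]+)\](?::(?P<port6>\d+))?"            # [v6]:port
    r"|(?P<ip4>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<port4>\d+))?"  # v4:port
    r"|(?P<ip6bare>[0-9A-Fa-f:.]+))"                          # bare v6
    r"(?:%(?P<ifname>[^#]+))?(?:#(?P<sni>.+))?$"
)
_HOST = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")

def check_dns_entry(entry: str) -> list[str]:
    """Return the problems found in one DNS= server entry (empty list if OK)."""
    m = _ENTRY.match(entry)
    if not m:
        return ["cannot parse server entry"]
    problems = []
    addr = m["ip6"] or m["ip4"] or m["ip6bare"]
    try:
        ipaddress.ip_address(addr)
    except ValueError:
        problems.append(f"'{addr}' is not a literal IP address")
    port = m["port6"] or m["port4"]
    if port is not None and not 1 <= int(port) <= 65535:
        problems.append(f"port {port} out of range")
    sni = m["sni"]
    if sni is not None:
        if "/" in sni:
            problems.append("server name carries a URL path; DoH endpoints are not supported")
        elif not _HOST.match(sni):
            problems.append(f"'{sni}' is not a valid server name")
    return problems

def check_resolved_conf(text: str) -> dict[str, list[str]]:
    """Map every server listed on DNS=/FallbackDNS= lines to its problems."""
    report = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition("=")
        if key.strip() in ("DNS", "FallbackDNS"):
            for entry in value.split():
                report[entry] = check_dns_entry(entry)
    return report

# Constructed samples: the question's entry (documentation IP) and the answer's config
QUESTION_CONF = "[Resolve]\nDNS=192.0.2.10:9443#subdomain.domain.com/dns-query\nDNSOverTLS=yes\n"
ANSWER_CONF = "[Resolve]\nDNS=8.8.8.8#dns.google\nFallbackDNS=8.8.4.4#dns.google\nDNSOverTLS=yes\n"
```

Running check_resolved_conf(QUESTION_CONF) reports the path problem on the question's entry, while the answer's entries come back clean.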