What is the best / most recommended way to set up system-wide DNS over HTTPS?

I have DoH working in Firefox, but it doesn’t work with my system. I have tried and failed to set up dnscrypt-proxy to work with quad9, and I don’t think my system DNS is encrypted. Is there a good way to set up DoH servers system-wide?

Here’s a method to set up DoH system-wide replacing systemd-resolved with dnscrypt-proxy:

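```
sudo dnf install dnscrypt-proxy
# Turn off DNSCrypt-protocol servers in the proxy config
sudo sed -i -r -e 's/^(dnscrypt_servers = ).*$/\1false/' \
    /etc/dnscrypt-proxy/dnscrypt-proxy.toml
# Stop systemd-resolved and prevent it from starting again
sudo systemctl --now mask systemd-resolved.service
sudo systemctl --now enable dnscrypt-proxy.service
# Tell NetworkManager not to manage /etc/resolv.conf
sudo tee /etc/NetworkManager/conf.d/00-dns.conf << EOF > /dev/null
[main]
dns=none
systemd-resolved=false
EOF
sudo systemctl restart NetworkManager.service
# Replace the existing resolv.conf with one pointing at the local proxy
sudo rm -f /etc/resolv.conf
sudo tee /etc/resolv.conf << EOF > /dev/null
nameserver 127.0.0.1
EOF
```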
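One way to confirm that the steps above took effect and that no plaintext resolver is left next to the proxy, as an added example that is not part of the original post. The function names, the temporary sample files and the address 192.0.2.53 are constructed for illustration; `doh_servers` is dnscrypt-proxy's switch for DoH resolvers, which the post leaves at its default.

```shell
#!/bin/sh
# Added example: audit the three files the steps above change. Each check
# takes a path (default: the path used on the page) so it can run on copies.

check_resolv() {   # must be a regular file with every nameserver on loopback
    f=${1:-/etc/resolv.conf}
    if [ -L "$f" ]; then echo "FAIL: $f is a symlink, something else manages it"; return 1; fi
    ns=$(awk '$1 == "nameserver" { print $2 }' "$f")
    if [ -z "$ns" ]; then echo "FAIL: no nameserver line in $f"; return 1; fi
    for a in $ns; do
        case $a in
            127.0.0.1|::1) ;;
            *) echo "FAIL: $f also sends queries to $a, bypassing the proxy"; return 1 ;;
        esac
    done
    echo "OK: $f points only at loopback"
}

check_nm() {       # NetworkManager must not rewrite resolv.conf
    f=${1:-/etc/NetworkManager/conf.d/00-dns.conf}
    if ! grep -Eq '^[[:space:]]*dns[[:space:]]*=[[:space:]]*none[[:space:]]*$' "$f"; then
        echo "FAIL: dns=none missing from $f"; return 1
    fi
    echo "OK: NetworkManager leaves resolv.conf alone"
}

check_proxy() {    # DNSCrypt-protocol servers off, DoH servers not switched off
    f=${1:-/etc/dnscrypt-proxy/dnscrypt-proxy.toml}
    if ! grep -Eq '^dnscrypt_servers[[:space:]]*=[[:space:]]*false' "$f"; then
        echo "FAIL: dnscrypt_servers is not false in $f"; return 1
    fi
    if grep -Eq '^doh_servers[[:space:]]*=[[:space:]]*false' "$f"; then
        echo "FAIL: doh_servers is false, no resolver type is left in $f"; return 1
    fi
    echo "OK: only DoH resolvers are eligible"
}

demo() {           # constructed sample files, not taken from a real system
    d=$(mktemp -d) || return 1
    printf 'nameserver 127.0.0.1\n' > "$d/resolv.good"
    printf 'nameserver 127.0.0.1\nnameserver 192.0.2.53\n' > "$d/resolv.leaky"
    printf '[main]\ndns=none\nsystemd-resolved=false\n' > "$d/nm.conf"
    printf 'dnscrypt_servers = false\ndoh_servers = true\n' > "$d/proxy.toml"
    check_resolv "$d/resolv.good" && check_nm "$d/nm.conf" && check_proxy "$d/proxy.toml" || return 1
    check_resolv "$d/resolv.leaky" || echo "(expected: the second resolver is plaintext)"
    rm -rf "$d"
}

# With no argument the constructed demo runs; pass "live" to check the real files.
case ${1:-demo} in live) check_resolv && check_nm && check_proxy ;; *) demo ;; esac
```

These checks read configuration only; they do not prove that the proxy is running or that a resolver was reachable.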