How to Set Up DNS Over HTTPS (DoH) on Your Server

By Admin · Mar 15, 2026 · Updated Apr 23, 2026

DNS over HTTPS (DoH) encrypts DNS queries, preventing eavesdropping and manipulation of DNS traffic. This guide covers setting up a DoH client on your server and running your own DoH resolver.

Why DNS Over HTTPS?

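  • Prevents your ISP or network operator from seeing your DNS queries (the DoH resolver you choose still sees them)
  • Protects against DNS spoofing and manipulation in transit between your server and the resolver
  • Bypasses DNS-based censorship
  • Keeps DNS resolution private from observers on the network path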

Using DoH as a Client

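Option 1: systemd-resolved (Ubuntu 22.04+)

systemd-resolved encrypts upstream queries with DNS over TLS (DoT, port 853) rather than DoH; for DoH itself, use Option 2.

# Edit the resolver configuration
sudo nano /etc/systemd/resolved.conf

# Set the following under [Resolve]; the name after "#" is the hostname
# checked against the server's TLS certificate
[Resolve]
DNS=1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google
DNSOverTLS=yes

# Apply the change and confirm the settings
sudo systemctl restart systemd-resolved
resolvectl status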

Option 2: cloudflared DNS Proxy

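# Install cloudflared
# (>/dev/null keeps tee from echoing the binary key to the terminal)
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/cloudflare.gpg] https://pkg.cloudflare.com/cloudflared $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflared.list
sudo apt update && sudo apt install cloudflared

# Run as DNS proxy (stays in the foreground; run the remaining commands from a second terminal)
sudo cloudflared proxy-dns --port 5053 --upstream https://1.1.1.1/dns-query

# Point resolv.conf to local proxy
# resolv.conf has no port option and the system resolver always queries port 53,
# so for system-wide use the proxy must listen on 127.0.0.1:53 (--port 53)
echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf

# Test
dig @127.0.0.1 -p 5053 example.com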

Running Your Own DoH Server

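# Use CoreDNS as a DoH server
# Install CoreDNS
# Release archives carry the version in their file name, so set VERSION
# to the release you want (placeholder below)
VERSION="<coredns-version>"
wget "https://github.com/coredns/coredns/releases/download/v${VERSION}/coredns_${VERSION}_linux_amd64.tgz"
tar xzf "coredns_${VERSION}_linux_amd64.tgz"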

# Configure Corefile
cat > Corefile         
