Configuring Linux Ubuntu to use Lumiun DNS via DoT
This configuration will make Linux Ubuntu forward your DNS requests to Lumiun DNS, using the secure DoT (DNS-over-TLS) protocol. The configuration is done through the Unbound software.
In this article, we will cover the configuration in Linux Ubuntu. If you use Linux Mint, see this other article.
Step-by-step
- Open a Terminal (locally or via SSH).
- Copy and paste the commands below. Replace abcd1234 with your site ID, and replace dns_server_1, dns_server_2, dns6_server_1, and dns6_server_2 with the respective DNS servers for your site. All of these are listed on the sites page.
# Install Unbound and fetch the CA bundle used to verify the upstream TLS certificate
sudo apt update ; sudo apt -y install unbound curl
sudo bash -c "curl -o /etc/unbound/cacert.pem https://curl.se/ca/cacert.pem"
# Write the forwarder configuration: listen on 127.0.0.5 and forward everything over DoT
sudo bash -c "cat << EOF > /etc/unbound/unbound.conf.d/lumiundns.conf
server:
    interface: 127.0.0.5
    tls-cert-bundle: /etc/unbound/cacert.pem
forward-zone:
    name: '.'
    forward-tls-upstream: yes
    forward-addr: dns_server_1#abcd1234.dot.ldns.io
    forward-addr: dns_server_2#abcd1234.dot.ldns.io
    forward-addr: dns6_server_1#abcd1234.dot.ldns.io
    forward-addr: dns6_server_2#abcd1234.dot.ldns.io
EOF"
sudo systemctl restart unbound
# Turn off systemd-resolved and point the system resolver at Unbound
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved
sudo rm /etc/resolv.conf
sudo bash -c "echo nameserver 127.0.0.5 > /etc/resolv.conf"
# Test name resolution through the new resolver
nslookup www.google.com
- Execute.
That's it! You can now view reports on your Lumiun DNS dashboard and also define policy rules.
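An added example, not part of the original Lumiun article: a small lint for the forwarder file written in the steps above. It checks that the article's placeholders were replaced, that `forward-tls-upstream` is on, that the CA bundle exists, and that every `forward-addr` carries a `#name` for certificate verification. The helper name `check_dot_conf` and the sample file are assumptions made for illustration.

```shell
# Added example (not from Lumiun): lint the forwarder file before restarting Unbound.
# check_dot_conf is a hypothetical helper; it prints each problem it finds and
# returns the number of problems (0 means the file passed every check).
check_dot_conf() (
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }

    # The article's placeholders must have been replaced with the site's values.
    if grep -Eq 'dns6?_server_[12]|abcd1234' "$conf"; then
        echo "placeholder values still present"
        problems=$((problems + 1))
    fi
    # Without forward-tls-upstream the forwarders are queried over plain DNS.
    if ! grep -Eq '^[[:space:]]*forward-tls-upstream:[[:space:]]*yes' "$conf"; then
        echo "forward-tls-upstream is not set to yes"
        problems=$((problems + 1))
    fi
    # Unbound verifies the upstream certificate against this CA bundle.
    bundle=$(sed -n 's/^[[:space:]]*tls-cert-bundle:[[:space:]]*//p' "$conf" | tr -d "\"'" | head -n 1)
    if [ -z "$bundle" ] || [ ! -s "$bundle" ]; then
        echo "tls-cert-bundle unset, missing or empty: ${bundle:-unset}"
        problems=$((problems + 1))
    fi
    # Each forwarder needs '#name' so the certificate is checked against that name.
    for addr in $(sed -n 's/^[[:space:]]*forward-addr:[[:space:]]*//p' "$conf"); do
        case $addr in
            *'#'?*) ;;
            *) echo "forward-addr without TLS name: $addr"; problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
)

# Constructed sample: a forwarder file with the placeholders left in and no CA bundle.
sample=$(mktemp)
printf '%s\n' 'forward-zone:' "name: '.'" 'forward-tls-upstream: yes' \
    'forward-addr: dns_server_1#abcd1234.dot.ldns.io' > "$sample"
check_dot_conf "$sample" || echo "problems found: $?"
rm -f "$sample"
```

On the real system, run it as `check_dot_conf /etc/unbound/unbound.conf.d/lumiundns.conf` before `sudo systemctl restart unbound`.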