DNS over HTTPS (DoH) encrypts DNS queries by sending them over HTTPS instead of plain UDP or TCP. This enhances privacy and security by preventing eavesdropping on and tampering with DNS traffic.
Popular web browsers like Firefox, Chrome, Brave, and Edge support DoH out of the box. It is a convenient way to enable Public Key Domains (PKD) in your browser without changing your system DNS.
- Pick a DNS-over-HTTPS URL from our public servers.txt list.
- Configure your browser. See this guide.
- Test if everything is working with http://7fmjpcuuzf54hw18bsgi3zihzyh4awseeuq5tmojefaezjbd64cy./.
pkdns supports RFC8484.
- Start pkdns with
      dns_over_http_socket = "127.0.0.1:3000"
  in pkdns.toml. This makes pkdns listen for HTTP (not HTTPS) requests on http://127.0.0.1/dns-query.
- Use a reverse proxy like NGINX to add HTTPS to the DoH socket. See this tutorial.
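- Forward the nginx requests to pkdns. Example configuration:
      location / {
          # Overwrite X-Forwarded-For with the address of the connecting client
          proxy_set_header X-Forwarded-For $remote_addr;
          # Plain-HTTP DoH socket from pkdns.toml
          proxy_pass http://127.0.0.1:3000;
      }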
- Configure your browser with your new DoH URL.
- Test if everything is working with http://7fmjpcuuzf54hw18bsgi3zihzyh4awseeuq5tmojefaezjbd64cy./.
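
To check the self-hosted socket independently of a browser, the RFC 8484 request can be built by hand. This is an added example, not pkdns code; `LOCAL_ENDPOINT` is an assumption that combines the `dns_over_http_socket` value with the `/dns-query` path, and the function names are hypothetical.

```python
import base64
import struct
import urllib.request

# Test name taken from the page. LOCAL_ENDPOINT is an assumption: the
# dns_over_http_socket value plus the /dns-query path mentioned above.
TEST_NAME = "7fmjpcuuzf54hw18bsgi3zihzyh4awseeuq5tmojefaezjbd64cy."
LOCAL_ENDPOINT = "http://127.0.0.1:3000/dns-query"
DNS_MESSAGE = "application/dns-message"  # media type defined by RFC 8484

def build_query(name: str, qtype: int = 1) -> bytes:
    """DNS wire-format query (RFC 1035); ID 0 as RFC 8484 recommends."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"invalid label length: {label!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_url(endpoint: str, query: bytes) -> str:
    """RFC 8484 GET form: unpadded base64url in the 'dns' parameter."""
    encoded = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"

def parse_header(message: bytes) -> dict:
    """Decode the fixed 12-byte header of a DNS message."""
    if len(message) < 12:
        raise ValueError("truncated DNS message")
    ident, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    return {"id": ident, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F, "answers": answers}

def resolve(endpoint: str, name: str, timeout: float = 5.0) -> dict:
    """POST the query to a DoH endpoint and return the parsed response header."""
    req = urllib.request.Request(
        endpoint, data=build_query(name), method="POST",
        headers={"Content-Type": DNS_MESSAGE, "Accept": DNS_MESSAGE})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        if resp.headers.get_content_type() != DNS_MESSAGE:
            raise ValueError("endpoint did not return a DNS message")
        return parse_header(resp.read())

if __name__ == "__main__":
    print(doh_get_url(LOCAL_ENDPOINT, build_query(TEST_NAME)))
    print(resolve(LOCAL_ENDPOINT, TEST_NAME))  # needs a running pkdns
```

An `rcode` of 0 with at least one answer means the endpoint resolved the name; pointing `resolve` at the HTTPS URL behind the reverse proxy exercises the full path.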