%
Puffy image/svg+xml Puffy 2019-06-14 Stéphane HUC OpenBSD Team Inkscape Puffy OpenBSD https://www.openbsd.org/art4.html English "Puffy", it's a symbol of OpenBSD

Stubby: DoT DNS client on OpenBSD (EXPERIMENTAL)

Article published the ; modified the
2 minutes to read

This article has 276 words.
RAW source of the article:
Commit version: 54af6be

Description

Stubby is a DNS client, using secure protocol (DoT ). This encrypts DNS queries sent from your machine to a DNS resolver, or an authoritative DNS server to increase the confidentiality. It can request queries according DNSSEC protocol, too.

Warning

Installation

The stubby client is/will be installed on OpenBSD stable.

  • at this day, now: 6.3

Prerequisite

  • OpenSSL : install by default
  • Libyaml : to install…
  • autoconfautomake : to install to configure, and build before installation.

Code: sh

Then, we will follow the official installation recommandations from sources, by adapting them to OpenBSD, step by step.

Download

Code: sh

The second command git permits us to get/obtain the most recent sources .

Configuration

Code: sh

Compilation

$ make
# make install

Of course, if you had configured doas , you can executed the ultimate command, as:
$ doas make install

resolv.conf

It’s necessary to modify your /etc/resolv.conf file in order to communicate directly with stubby:
nameserver 127.0.0.1
nameserver ::1

stubby.yml

The stubby’s configuration file is: /usr/local/etc/stubby/stubby.yml.

You can create your personal, as ~/.stubby.yml. It will be read in first.

Execution

To execute stubby, run as:

Code: sh

Some interesting informations, about flags:

  • -C: to specify other configuration file.
  • -g: to run in background mode.
  • -i: to check the configuration!
  • -l: to log. Actually, the output is only on the standard stdout!

Test

We use dig:

=> IPv4

Code: sh

=> IPv6 :

Code: sh