Description
Stubby is a DNS client, using secure protocol (DoT ). This encrypts DNS queries sent from your machine to a DNS resolver, or an authoritative DNS server to increase the confidentiality. It can request queries according DNSSEC protocol, too.
Warning: it does not act as DNS cache resolver, nor as an authoritative DNS server; it’s only a DNS client!
In addition, there is no package, nor port on OpenBSD stable. Hence is the reason of title “EXPERIMENTAL”. We’re going to retrieve sources, compil, install and configure them.
Installation
The stubby client is/will be installed on OpenBSD stable.
- at this day, now: 6.3
Prerequisite
OpenSSL: install by defaultLibyaml: to install…autoconf,automake: to install to configure, and build before installation.
Code: sh
Then, we will follow the official installation recommandations from sources, by adapting them to OpenBSD, step by step.
Download
Code: sh
The second command git permits us to get/obtain the most recent sources .
Configuration
Code: sh
Compilation
$ make
# make install
Of course, if you had configured
doas
, you can executed the ultimate command, as:
$ doas make install
resolv.conf
It’s necessary to modify your /etc/resolv.conf file in order to communicate directly with stubby:
nameserver 127.0.0.1
nameserver ::1
stubby.yml
The stubby’s configuration file is: /usr/local/etc/stubby/stubby.yml.
You can create your personal, as ~/.stubby.yml. It will be read in first.
Execution
To execute stubby, run as:
Code: sh
Some interesting informations, about flags:
-C: to specify other configuration file.-g: to run in background mode.-i: to check the configuration!-l: to log. Actually, the output is only on the standardstdout!
Test
We use dig:
=> IPv4
Code: sh
=> IPv6 :
Code: sh