I am not sure I understand the issue here and the gathered information seems broken, I assume from an LLM AI :).
Firstly, I cannot comment on Librewolf settings because I have no experience with it.
Unbound does support DoH but only for the client side, that is, clients querying Unbound.
I am assuming that Unbound runs on a remote server. Then you could use DoH straight from the browser with Unbound configured with the relevant settings (look at https://unbound.docs.nlnetlabs.nl/en/latest/topics/privacy/dns-over-https.html#using-doh).
I don't see the value of using SSH tunneling for this since DoH is DNS over HTTPS, and HTTPS is itself HTTP over TLS.
This would only hide your ISP IP for DNS queries done from your browser to the remote Unbound. Upstream nameservers would then see your Unbound's IP doing the queries for you.
For all other traffic like connecting to websites, or your computer connecting to services outside of your browser activity, your ISP's IP is going to be used.
If you want your ISP's IP to be hidden always, then you should use a VPN service that forwards all your traffic (including DNS queries) to a trusted remote server that would then forward the traffic on your behalf using its own IP.
I am going to close this issue as I don't see an actual issue with Unbound.
If I didn't understand something from your post and there is indeed an issue you are facing, feel free to reopen.
Results from searching on the internet, would the following be the way to implement this request?
To direct Unbound DNS-over-HTTPS (DoH) traffic through an SSH tunneling port, configure your system to use a SOCKS proxy on the SSH tunnel's local port, then set Unbound to use that SOCKS proxy for outbound DoH connections by specifying it in the "proxy-out" option within your Unbound configuration file; essentially, all DoH requests will be routed through the SSH tunnel.
Key steps:
Establish SSH Tunnel with SOCKS Proxy:
• Open an SSH connection to your remote server using the -D flag to enable dynamic port forwarding.
• Example command: ssh -D 1080 user@server
• This creates a SOCKS proxy accessible on port 1080 on your local machine.
Configure Unbound:
• Edit your Unbound configuration file (usually located at /etc/unbound/unbound.conf)
• Add the following line under the "interface:" section to specify the SOCKS proxy => proxy-out: 127.0.0.1:1080;socks
• Important: Ensure your firewall rules allow outbound traffic on port 1080.
• Restart Unbound:
• Restart the Unbound service to apply the changes.
The following steps were applied without changing or adding attributes to unbound.conf:
DNS-over-HTTPS was verified to have worked on Linux Mint 22 according to this: https://unbound.docs.nlnetlabs.nl/en/latest/topics/privacy/dns-over-https.html#using-doh
Librewolf Settings:
Manual proxy configuration selected
SOCKS Host = 127.0.0.1 and Port = 443
No proxy for = localhost, 127.0.0.1
Proxy DNS when using SOCKS v5: check-marked
Increased Protection
Custom = https://doh/applied-privacy.net/query
Created a VM on Digital Ocean
From Linux Mint 22:
ssh -4 -TND 443 [email protected] <---------- nnn.nnn.nnn.nnn VM IP address
The following errors appeared:
bind [127.0.0.1]:443: Permission denied
channel_setup_fwd_listener_tcpip: cannot listen to port: 443
Could not request local forwarding.
The search for "proxy-out:" attribute came back without results from this link: https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html
My questions would be:
- Are there attributes to use to forward Unbound DoH traffic (port 443) to the SSH tunneling (VM) using some other port instead of port 443? Is it better to use a separate port for SSH tunneling?
- Are the settings for Librewolf required as such?
- Are there instructions on how to achieve this request?
My objective is to use Unbound DoH with SSH tunneling to hide my ISP IP address. Would this be possible with Unbound?
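The `bind [127.0.0.1]:443: Permission denied` error quoted in the issue is what Linux returns when an unprivileged user tries to listen on a port below the unprivileged-port threshold (1024 by default). As an added example, not part of the issue thread or of Unbound, this shell helper checks a port against that threshold before building the `ssh` dynamic-forward command; the target `user@vm.example` and port 1080 are assumed placeholders.

```shell
#!/bin/sh
# Added example, not code from the issue thread or from Unbound.
# Assumed placeholders: user@vm.example (the remote VM), 1080 (local SOCKS port).

# Lowest port an unprivileged Linux process may bind
# (1024 unless the sysctl was changed).
unpriv_port_start() {
    cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || echo 1024
}

# can_bind_port PORT [UID] [START]
# Succeeds when UID may listen on PORT. UID and START default to the current
# user and the sysctl value. CAP_NET_BIND_SERVICE is not considered.
can_bind_port() {
    port=$1
    uid=${2:-$(id -u)}
    start=${3:-$(unpriv_port_start)}
    [ "$uid" -eq 0 ] || [ "$port" -ge "$start" ]
}

# socks_tunnel_cmd TARGET PORT [UID] [START]
# Prints the ssh dynamic-forward command with the SOCKS listener bound to
# loopback, or fails with a reason when PORT is privileged for UID.
socks_tunnel_cmd() {
    target=$1
    port=$2
    start=${4:-$(unpriv_port_start)}
    if ! can_bind_port "$port" "$3" "$start"; then
        echo "port $port is privileged; choose a port >= $start" >&2
        return 1
    fi
    echo "ssh -4 -TND 127.0.0.1:$port $target"
}

# Usage: sh tunnel.sh user@vm.example 1080
if [ "$#" -ge 2 ]; then
    socks_tunnel_cmd "$1" "$2"
fi
```

Whatever port is chosen must also be the SOCKS port entered in the browser's manual proxy settings.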