DNS_OVER_HTTPS
Encrypt your DNS queries. Prevent your ISP from seeing every website you visit. For Nobara Linux.
WHAT IS DNS AND WHY ENCRYPT IT?
DNS (Domain Name System) is like the phonebook of the internet. When you visit a website, your computer asks a DNS server: "What's the IP address for google.com?"
THE PROBLEM: UNENCRYPTED DNS
By default, DNS queries are sent in plain text. Your ISP can see every website you visit, even if you use HTTPS. They can:
- Build profiles of your browsing habits
- Sell your data to advertisers
- Throttle connections based on detected services
- Block access to certain websites
HOW DNS-OVER-HTTPS (DoH) WORKS
DNS-over-HTTPS wraps your DNS queries in encrypted HTTPS traffic, making them indistinguishable from normal web traffic.
WITHOUT DoH
You → ISP (visible): "What's IP of piratebay?"
ISP sees: piratebay request
WITH DoH
You → Cloudflare (encrypted): [ENCRYPTED]
ISP sees: HTTPS to cloudflare-dns.com
STEP 1: CHOOSE A DNS PROVIDER
All providers below support DoH. Choose based on your privacy needs:
CLOUDFLARE (RECOMMENDED)
- 1.1.1.1 - Fastest DNS
- No logs policy (audited)
- US jurisdiction (concern)
- DNS-over-HTTPS: yes
https://1.1.1.1/dns-query
QUAD9 (SECURITY)
- 9.9.9.9 - Blocks malware
- Switzerland jurisdiction
- No logs policy
- DNS-over-HTTPS: yes
https://dns.quad9.net/dns-query
NEXTDNS (PRIVACY)
- Customizable blocking
- US jurisdiction
- Free tier generous
- DNS-over-HTTPS: yes
https://dns.nextdns.io
NOTE: For Nobara (Fedora-based), we'll use Cloudflare as it's the most reliable and has the best performance.
STEP 2: CONFIGURE DOH ON NOBARA
2.1 Using systemd-resolved (Recommended)
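Nobara uses systemd-resolved by default. systemd-resolved does not implement DoH itself, so the configuration below encrypts its upstream queries with DNS-over-TLS (DoT) instead; applications keep talking to the local stub resolver.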
# Step 1: Install necessary packages
sudo dnf install -y systemd-resolved
# Step 2: Enable systemd-resolved
sudo systemctl enable systemd-resolved
sudo systemctl start systemd-resolved
# Step 3: Create resolved config for DoH
sudo nano /etc/systemd/resolved.conf
# Step 4: Add/edit these lines
[Resolve]
DNS=1.1.1.1 1.0.0.1
FallbackDNS=2606:4700:4700::1111
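# Enable DNS-over-TLS
# (opportunistic falls back to plaintext if the server does not offer TLS;
#  DNSOverTLS=yes makes lookups fail instead of going out unencrypted)
DNSOverTLS=opportunistic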
# Step 5: Restart and verify
sudo systemctl restart systemd-resolved
resolvectl status
2.2 Firefox Browser DoH (Alternative)
Enable DoH directly in Firefox for browser-only protection:
1. Open Firefox → Settings → Network Settings
2. Check "Enable DNS over HTTPS"
3. Choose provider: Cloudflare or NextDNS
2.3 Chromium/Chrome DoH
Chromium browsers have built-in DoH support:
# Enable via flags or settings
chrome://flags/#dns-over-https
# Set to "Enabled" and restart browser
STEP 3: VERIFY DOH IS WORKING
Test if your DNS queries are encrypted:
# Command line verification
# Check if DNS-over-TLS is active
resolvectl query google.com
# Check DNS server
cat /etc/resolv.conf
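The `DNSOverTLS=` value from Step 2.1 decides whether systemd-resolved may fall back to plaintext, which `resolvectl query` alone does not tell you. The script below is an added example, not part of the original guide: `resolve_value`, `dot_posture` and both sample configs are constructed for illustration, and the strict variant with `#cloudflare-dns.com` server names is an assumed hardening of the page's config.

```shell
#!/bin/sh
# Added example: classify the DNSOverTLS posture of a resolved.conf.

# Print the last value assigned to scalar KEY in the [Resolve] section.
resolve_value() {  # usage: resolve_value KEY < config
    awk -v key="$1" '
        /^[ \t]*[#;]/ { next }                          # comment lines
        /^[ \t]*\[/   { in_sec = ($0 ~ /^[ \t]*\[Resolve\]/); next }
        in_sec && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }'
}

# strict       = lookups fail rather than leave the machine unencrypted
# downgradable = plaintext fallback, server certificate not authenticated
# off / unset  = plaintext, or whatever default the distro build uses
dot_posture() {  # usage: dot_posture < config
    case "$(resolve_value DNSOverTLS | tr '[:upper:]' '[:lower:]')" in
        yes|true|on|1)  echo strict ;;
        opportunistic)  echo downgradable ;;
        no|false|off|0) echo off ;;
        *)              echo unset ;;
    esac
}

# Constructed sample 1: the configuration from Step 2.1 of this page.
page_conf() { cat <<'EOF'
[Resolve]
DNS=1.1.1.1 1.0.0.1
FallbackDNS=2606:4700:4700::1111
# Enable DNS-over-TLS
DNSOverTLS=opportunistic
EOF
}

# Constructed sample 2 (assumption, not from the page): strict variant with
# server names after '#' so the certificate is checked against that name.
strict_conf() { cat <<'EOF'
[Resolve]
DNS=1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com
DNSOverTLS=yes
EOF
}

echo "page config:   $(page_conf | dot_posture)"
echo "strict config: $(strict_conf | dot_posture)"
```

To check a live system, run `dot_posture < /etc/systemd/resolved.conf`; drop-in files under /etc/systemd/resolved.conf.d/ can override that file, so audit them as well.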
DOH + VPN = MAXIMUM PRIVACY
For maximum privacy, use both DoH and VPN together:
VPN ONLY
VPN provider sees your DNS queries
VPN + DoH
DNS queries are encrypted, so the VPN provider cannot read them
TROUBLESHOOTING
DNS Not Working After Changes
- Check /etc/resolv.conf symlink
- Verify systemd-resolved is running
- Try: sudo systemctl restart NetworkManager
Slow DNS Resolution
- Try Quad9 (9.9.9.9) for better routing
- Check for firewall blocking port 443
- Use nearest server in NextDNS
OTHER DNS PROVIDERS WITH DOH
| PROVIDER | DoH URL | JURISDICTION |
|---|---|---|
| Cloudflare | https://1.1.1.1/dns-query | USA |
| Quad9 | https://dns.quad9.net/dns-query | Switzerland |
| Google | https://dns.google/dns-query | USA |
| AdGuard | https://dns.adguard-dns.com/dns-query | Cyprus |
| Mullvad | https://dns.mullvad.net/dns-query | Sweden |