Can someone help me setup DNS-over-HTTPS / DNS-over-TLS


My goal is to use the Mullvad DNS over HTTPS or DNS over TLS service.
They provide a setup tutorial for Linux using systemd-resolved but I don’t use systemd-resolved - so it’s not applicable to me.

So here is my question: How can I setup DNS over HTTPS or DNS over TLS in an easy way on KDE Plasma?

I found the DNS-over-HTTPS Arch Wiki page but I am already having troubles with one of the first steps (also I don’t know if the dns-over-https is the easiest way):

2.2 Change system DNS server

Change your system’s DNS server to an address in the listen = section of the configuration file. If you don’t know what you’re doing, is recommended.

This can be accomplished either through your Network Manager or through editing /etc/resolv.conf.

because Network Manager seems to manage my /etc/resolv.conf file and all manual edits get removed again:

❯ bat /etc/resolv.conf
       │ File: /etc/resolv.conf
   1   │ # Generated by NetworkManager
   2   │ search

Any help and ideas would be appreciated.

Thank you.

To prevent this, you could create a file called dns.conf in /etc/NetworkManager/conf.d with the following content:


Thank you, I’ll give it a try and see how far along I come this time :).

1 Like

Doesn’t this mean that you can also open your Network Manager (connection settings), set “Method” to “Automatic (Only addresses)” and where you have DNS field just enter

You don’t have to manually edit etc/resolv.conf

1 Like

AFAIK, NetworkManager generates or overwrite /etc/resolv.conf if it is not a symlink.
However, I don’t think NetworkManager supports native DoH/DoT, but it can use the third party systemd-resolved to support DoT.

You do not want systemd-resolved, try to setup unbound for DoT and learn how to config it.

I came to the same conclusion. Today I spent 5 hours trying to get one of these DNS servers working but without any success. I tried DNS-over-HTTPS, Stubby & Unbound… but I am just way over my head in this and network stuff is definitely not my area of expertise…

I was hoping there would be a basic tutorial with every step explained.

Anyways thanks for the all the help but I shelve this project for now.

You can always enable DoH on a browser level - very easy to do and definitely better than nothing.

Thanks, I just did that!
Like you said: better than nothing :see_no_evil:.

1 Like

I would have tried cloudflared with a mullvad server.


EDIT: I edited the post to showcase my working cloudflared.service file.



       │ File: /etc/systemd/system/cloudflared.service
   1   │ [Unit]
   2   │ Description=DNS over HTTPS proxy client
   3   │
   4   │
   5   │ 
   6   │ [Service]
   7   │ AmbientCapabilities=CAP_NET_BIND_SERVICE
   8   │ CapabilityBoundingSet=CAP_NET_BIND_SERVICE
   9   │ DynamicUser=yes
  10   │ ExecStart=/usr/bin/cloudflared proxy-dns --upstream
  11   │ 
  12   │ [Install]
  13   │

3) start cloudflared.service or reboot

I can’t help you much, because I don’t want to touch my config, I’m running Unbound as my local DNS server.

Where is a DNS resolver to resolve this domain name ?
Try changing this URL to a static IP address with a specific port.

1 Like

Thank you for pointing me in the right direction!

I made a mistake in my /etc/systemd/system/cloudflared.service file :neutral_face:.

After re-reading again:

cloudflared proxy-dns --upstream works for me.

I was not using the --upstream but the --address option.

Thanks again for all the help that I got from everyone!

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.