Recently, I published a Gist I made with my preferred Public DNS Servers, including information and links about them. Today, I re-set up AdGuard, one of the best solutions for blocking malicious content across multiple realms including Content Blocking, DNS Filtering, Tracking Protection, and Phishing+Malware.

What’s even better is it allows you to specify your own DNS servers to use, natively supporting DNS over TLS, HTTPS, and DNSCrypt. Today, I leveraged that functionality to test and implement the following resolver configuration for my mobile device:

sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ
tls://1.1.1.2
tls://dns11.quad9.net
tls://dns.google

You can see more about what these resolvers are and why I chose them here.

Additionally, I wanted to learn how to test DNS-over-TLS querying, which helped me verify these servers worked as expected and directly see how this works. However, dig just isn’t going to cut it!

Here I install the knot-resolver (knot-dnsutils on Linux) package on Mac via Brew to gain access to the kdig tool, then use that to make a DNS-over-TLS query.

brew install knot-resolver
kdig +tls @1.1.1.2 target.com
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 22716
;; Flags: qr rd ra; QUERY: 1; ANSWER: 4; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1452 B; ext-rcode: NOERROR
;; PADDING: 351 B

;; QUESTION SECTION:
;; target.com.         		IN	A

;; ANSWER SECTION:
target.com.         	31	IN	A	151.101.194.187
target.com.         	31	IN	A	151.101.130.187
target.com.         	31	IN	A	151.101.66.187
target.com.         	31	IN	A	151.101.2.187

;; Received 468 B
;; Time 2020-04-21 16:57:18 EDT
;; From 1.1.1.2@853(TCP) in 51.7 ms
Mario Loria is a builder of diverse infrastructure with modern workloads on both bare-metal and cloud platforms. He's traversed roles in system administration, network engineering, and DevOps. You can learn more about him here.