Linux Setup Guide

Configure QuietNet DNS on your Linux system to block ads and trackers system-wide.

Using systemd-resolved (Ubuntu 18.04+, Fedora, etc.)

Many modern Linux distributions use systemd-resolved for DNS resolution.

Step 1: Get Your DNS Information

1. Log in to your QuietNet dashboard
2. Go to the Blocklists section
3. In the "Your DNS Settings" card, note:
4. DoT SNI: YOUR_API_TOKEN.quietnet.app
5. IP Address: 103.107.50.10

Step 2: Configure systemd-resolved

1. Check if systemd-resolved is running:

   systemctl status systemd-resolved
   

2. Edit the resolved configuration:

   sudo nano /etc/systemd/resolved.conf
   

3. Add or modify the following settings:

   [Resolve]
   DNS=103.107.50.10
   DNSOverTLS=yes
   DNSSEC=yes
   Domains=~.
   

4. Save the file and restart systemd-resolved:

   sudo systemctl restart systemd-resolved
   

5. Verify your settings:

   resolvectl status
   

Look for "DNS over TLS: yes" in the output.

Using Cloudflared for DoH

For DNS over HTTPS on any Linux distribution:

Step 1: Install cloudflared

Debian/Ubuntu:

sudo apt update
sudo apt install -y cloudflared

Fedora:

sudo dnf install cloudflared

Arch Linux:

yay -S cloudflared

Step 2: Configure cloudflared

1. Create a configuration directory:

   sudo mkdir -p /etc/cloudflared
   

2. Create the configuration file:

   sudo nano /etc/cloudflared/config.yml
   

3. Add the following configuration:

   proxy-dns: true
   proxy-dns-port: 53
   proxy-dns-upstream:
     - https://dns.quietnet.app/YOUR_API_TOKEN/dns-query
   

Replace YOUR_API_TOKEN with your actual API token.

1. Install cloudflared as a service:

   sudo cloudflared service install
   

2. Start and enable the service:

   sudo systemctl start cloudflared
   sudo systemctl enable cloudflared
   

3. Update your DNS settings to use the local proxy:

   sudo nano /etc/resolv.conf
   

Make sure it contains:

nameserver 127.0.0.1

Note: This may be overwritten by DHCP. To make it permanent, see the next step.

1. Make the changes permanent (using one of these methods):

a. For NetworkManager:

sudo nano /etc/NetworkManager/conf.d/dns-settings.conf

Add:

[main]
dns=none
systemd-resolved=false

b. Using resolvconf:

sudo nano /etc/resolvconf/resolv.conf.d/head

Add:

nameserver 127.0.0.1

Then update:

sudo resolvconf -u

Using NetworkManager with DoT

If you're using NetworkManager (common on desktop distributions):

1. Create a new connection configuration:

   sudo nano /etc/NetworkManager/conf.d/dns-over-tls.conf
   

2. Add the following content:

   [connection]
   dns=default
   dns-over-tls=yes
   

3. For a specific connection, edit its configuration file (adapt the name to your connection):

   sudo nano /etc/NetworkManager/system-connections/your-connection-name.nmconnection
   

4. Locate or add the [ipv4] section and modify it:

   [ipv4]
   dns=103.107.50.10;
   dns-search=
   method=auto
   

5. Restart NetworkManager:

   sudo systemctl restart NetworkManager
   

Using DNSCrypt-Proxy

DNSCrypt-proxy is another option that supports DoH, DoT, and more:

1. Install DNSCrypt-proxy (example for Debian/Ubuntu):

   sudo apt update
   sudo apt install dnscrypt-proxy
   

2. Edit the configuration:

   sudo nano /etc/dnscrypt-proxy/dnscrypt-proxy.toml
   

3. Find and modify these settings:

   server_names = ['quietnet']
   
   [static.'quietnet']
   stamp = 'sdns://AgcAAAAAAAAADDEwMy4xMDcuNTAuMTAAJ2Rucy5xdWlldG5ldC5hcHAvWU9VUl9BUElfVE9LRU4vZG5zLXF1ZXJ5'
   

Note: You'll need to create the proper stamp for your DoH URL.

1. Restart DNSCrypt-proxy:

   sudo systemctl restart dnscrypt-proxy
   

2. Configure your system to use 127.0.0.1 as DNS server.

Verify Your Configuration

To verify that your DNS configuration is working:

1. Test DNS resolution:

   dig @127.0.0.1 example.com
   

2. Check for encrypted connection (if using systemd-resolved):

   resolvectl query example.com
   

   Look for "TLS: yes" in the output.

3. Try visiting an ad-heavy website and see if ads are blocked.

4. Check your QuietNet dashboard to see if DNS queries are being counted.

Troubleshooting

DNS Resolution Not Working

• Check if the DNS service is running:

  # For systemd-resolved
  systemctl status systemd-resolved
  
  # For cloudflared
  systemctl status cloudflared
  
  # For dnscrypt-proxy
  systemctl status dnscrypt-proxy
  

• Verify DNS settings:

  cat /etc/resolv.conf
  

Changes Overwritten After Reboot

• This is common with DHCP configurations. Make sure you've followed the steps to make changes permanent.
• For NetworkManager users, create a dispatcher script:

  sudo nano /etc/NetworkManager/dispatcher.d/99-dns
  

Add:

#!/bin/bash
echo "nameserver 127.0.0.1" > /etc/resolv.conf

Make it executable:

sudo chmod +x /etc/NetworkManager/dispatcher.d/99-dns

Limited Connectivity

• Temporarily disable your DNS configuration to check if that's the issue
• Try using the IP directly:

  dig @103.107.50.10 example.com
  

Next Steps

• Verify your setup is working correctly
• Configure your blocklists to customize your filtering
• Set up QuietNet on your other devices