Systemwide Custom DNS Menggunakan systemd-resolved

0
104

Telah beberapa kali saya menulis tentang cara memintasi “internet sehat”. Mulai dari menyunting berkas konfigurasi /etc/resolv.conf, menggunakan skrip di firewall AfWall++, menggunakan ProtonVPN, DNS resolver (?) Nebulo, dan lainnya.

Dan kini, saya akan menulis tema yang sama; system wide custom DNS menggunakan systemd-resolved. System wide alias menyeluruh sistem bukan hanya per app sebagaimana DNS over HTTP-nya Firefox.

Langkahnya sederhana saja:

  • Sunting berkas /etc/systemd/resolved.conf dan isikan baris konfigurasi berikut:
    Jika hendak menggunakan DNS dari CloudFlare:
    [Resolve]
    DNS=1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001
    FallbackDNS=1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001
    Domains=~.
    DNSSEC=yes
    DNSOverTLS=yes
    

    Dan jika hendak menggunakan DNS dari Google:

    [Resolve]
    DNS=8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
    FallbackDNS=8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
    Domains=~.
    DNSSEC=yes
    DNSOverTLS=yes
    

    Atau jika hendak menggunakan DNS dari Quad9:

    [Resolve]
    DNS=9.9.9.9 2620:fe::fe
    FallbackDNS=9.9.9.9 2620:fe::fe
    Domains=~.
    DNSSEC=yes
    DNSOverTLS=yes
    
  • Buat tautan resolv.conf
    sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
    
  • Aktifkan layanan systemd-resolved.service
    sudo systemctl enable systemd-resolved.service
    
  • Jalankan layanan yang berkaitan
    sudo systemctl restart systemd-resolved.service
    sudo systemctl restart NetworkManager
    
  • Buka peramban dan kunjungi laman https://www.cloudflare.com/ssl/encrypted-sni/.
    Jika menggunakan DNS CloudFlare mestinya semua parameter akan hijau. Jika tidak, kemungkinan parameter “Secure DNS” hanya akan berwarna jingga walau DNS yang digunakan sebenarnya aman.

Untuk memudahkan berganti DNS atau kembali menggunakan DNS dari operator seluler/ISP, saya pun membuat skrip berikut:

#!/usr/bin/env bash

# Print message in brown.
print_w() { printf '\e[33m:: %s\n\e[m' "$@"
} backup_cfg() { if [[ ! -f /etc/systemd/resolved.conf-orig ]]; then print_w "Backing up /etc/systemd/resolved.conf." sudo mv /etc/systemd/resolved.conf{,-orig} else print_w "Backup exist at /etc/systemd/resolved.conf-orig." fi
} print_usage() { printf '%s\n' "
 ${0##*/} is script to enable systemwide custom DNS by using systemd-resolved service.

 Usage: ${0##*/} OPTION

 OPTION:
 -h --help Print this text
 -on Enable custom DNS (default to CloudFlare DNS)
 -cf --cloudflare Enable CloudFlare DNS (1.1.1.1, 1.0.0.1)
 -gg --google Enable Google DNS (8.8.8.8, 8.8.4.4)
 -q9 --quad9 Enable Quad9 DNS (9.9.9.9)
 -s --status Show link and server status
 -off Disable custom DNS

 Example:
 - ${0##*/} on
 - ${0##*/} off
" exit
} restart_services() { print_w "Restarting services..." sudo systemctl restart systemd-resolved.service sudo systemctl restart NetworkManager
} enable_services() { print_w "Restarting services..." sudo systemctl enable systemd-resolved.service restart_services
} write_config() { print_w "Applying $2 DNS..." printf '%s\n' "
[Resolve]
DNS=$1
FallbackDNS=$1
Domains=~.
DNSSEC=yes
DNSOverTLS=yes
" | sudo tee /etc/systemd/resolved.conf
} # MAIN ------------------------------------------------------------------------- if [[ -z $(command -v "systemctl") ]]; then print_w "systemctl not found. Perhaps this is not a systemd system?" exit
fi if [[ "$#" -eq 1 ]]; then case $1 in -on|-cf|--cloudflare) backup_cfg write_config "1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001" "CloudFlare" sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf enable_services ;; -gg|--google) backup_cfg write_config "8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844" "Google" enable_services ;; -q9|--quad9) backup_cfg write_config "9.9.9.9 2620:fe::fe" "Quad9" enable_services ;; -s|--status) systemd-resolve --status ;; -off) if [[ -f /etc/systemd/resolved.conf-orig ]]; then print_w "Backup exist at /etc/systemd/resolved.conf-orig." print_w "Restoring it back to /etc/systemd/resolved.conf." sudo mv /etc/systemd/resolved.conf{-orig,} else print_w "Backup (/etc/systemd/resolved.conf-orig) is not found." print_w "Creating new /etc/systemd/resolved.conf skeleton." printf '%s\n' "
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See resolved.conf(5) for details

[Resolve]
# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
# Cloudflare: 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001
# Google: 8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
# Quad9: 9.9.9.9 2620:fe::fe
#DNS=
#FallbackDNS=
#Domains=
#DNSSEC=no
#DNSOverTLS=no
#Cache=yes
#MulticastDNS=yes
#LLMNR=yes
#DNSStubListener=yes
#DNSStubListenerExtra=
#ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no
" | sudo tee /etc/systemd/resolved.conf fi sudo unlink /etc/resolv.conf sudo systemctl disable systemd-resolved.service restart_services ;; -h|--help|*) print_usage ;; esac
fi

Skrip yang lebih mutakhir bisa dilihat di https://github.com/rizaumami/scripts/blob/master/systemdns.

Sumber :kabayankababayan

LEAVE A REPLY

Please enter your comment!
Please enter your name here