In December 2017, I wrote a post about how to use Quad9 DNS resolution with Algo VPN, a free and open-source project by Trail of Bits that lets you easily set up your own non-logging VPN server.
My earlier tutorial no longer works with versions of Algo VPN since 25 April 2018, when the Algo VPN code base was changed to enforce encrypted DNS lookups (and five days later, WireGuard support was added, yay!). By default, Algo now uses Cloudflare’s secure DNS lookup. Quad9, which I prefer because of its option to block known malicious sites, implemented DNS over HTTPS in October 2018, and you can now use it with Algo VPN instead of Cloudflare if you like. I will provide step-by-step instruction on how to do this below.
Bear in mind that for these instructions to work, you must be using an Algo installation made with the code base since the April 2018 revision implementing secure DNS lookup:
1. SSH to your Algo server via your terminal app:
ssh root@ip -i ~/.ssh/algo.pem
2. Open /etc/dnscrypt-proxy/dnscrypt-proxy.toml for editing:
nano /etc/dnscrypt-proxy/dnscrypt-proxy.toml
3. Find the line:
server_names = ['cloudflare', 'cloudflare-ipv6']
4. Replace with:
server_names = ['quad9-dnscrypt-ip4-filter-pri', 'quad9-dnscrypt-ip4-filter-alt', 'quad9-doh-ip6-filter-pri', 'quad9-doh-ip6-filter-alt']
5. Hit Control-X to exit, choosing Y to save and keeping the same file name.
6. Type reboot at the command line to reboot.
That’s all! Your Algo VPN server will now use Quad9 for secure DNS resolution.
Note that there are other secure DNS servers that you can set as parameters for server_names. You’ll find them listed here.
David Myers
You can configure Quad9 by editing Algo’s config.cfg file before you deploy:
dnscrypt_servers:
ipv4:
– quad9-doh-ip4-filter-pri
– quad9-doh-ip4-filter-alt
ipv6:
– quad9-doh-ip6-filter-pri
– quad9-doh-ip6-filter-alt
George Maschke
Thanks for this tip! 🙂