How to use Stubby to get DNS lookups over HTTPS in NixOS

I thought getting DNS lookups to run over HTTPS would be difficult to set up with NixOS. I was wrong.

A quick Google-search for “nixos stubby” will take you straight to the Stubby derivation. Being new to nix (the language), nixpkgs (the package manager), and NixOS (the operating system), I still find these derivations a bit hard to read. It must be getting easier though because I was able to start using Stubby just by reading this derivation.

The first thing to notice in the derivation is this line:
enable = mkEnableOption "Stubby DNS resolver";

This tells me that I can enable Stubby by doing this in my configuration.nix file:
services.stubby.enable = true;

That’s in addition to adding stubby in your environment.systemPackages like this:
environment.systemPackages = with pkgs; [ stubby ];

If you add those two to your configuration.nix, you can do sudo nixos-rebuild switch to start using Stubby! All that’s left is to configure your network connection to use localhost as the DNS resolver. If you’re using KDE Plasma (as I currently am due to it being the default display manager in NixOS), you can set that up like this:

  1. Right click the wifi icon
  2. Configure network connections
  3. Select the wifi connection
  4. Select the “IPv4” tab
  5. Set “Method” to be “Automatic (Only addresses)”
  6. Set “DNS Servers” to “127.0.0.1”
  7. Select the “IPv6” tab
  8. Set “Method” to be “Automatic (Only addresses)”
  9. Set “DNS Servers” to “::1”
  10. Disconnect and reconnect to the network
  11. Use http://www.whatsmydnsserver.com/ to verify that your DNS provider has changed

This question on Stack Overflow helped me figure out how to set a different DNS resolver in Plasma.
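A local complement to the check in step 11, as an added example that is not part of the original post: it flags any nameserver entry other than the two addresses configured above, since lookups sent to such an entry never reach Stubby. It assumes the active resolver list is written to a resolv.conf-style file such as /etc/resolv.conf; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that a resolv.conf-style file points only at the
# local Stubby listener (127.0.0.1 and ::1, the addresses set in the steps).

# Print every nameserver address that is not 127.0.0.1 or ::1.
non_local_nameservers() {
    awk '
        $1 == "nameserver" && NF >= 2 {
            addr = $2
            sub(/%.*$/, "", addr)   # drop an IPv6 zone id such as %wlan0
            if (addr == "127.0.0.1" || addr == "::1") next
            print addr
        }
    ' "$1"
}

# Succeed only if the file lists at least one nameserver and every one of
# them is the local listener. An empty list is treated as a failure.
resolver_is_local_only() {
    grep -Eq '^[[:space:]]*nameserver[[:space:]]+[^[:space:]]' "$1" || return 1
    [ -z "$(non_local_nameservers "$1")" ]
}

# Constructed sample inputs (not taken from a real machine).
sample_dir=$(mktemp -d)
printf 'nameserver 127.0.0.1\nnameserver ::1\n' > "$sample_dir/good.conf"
printf '# set by DHCP\nnameserver 127.0.0.1\nnameserver 192.0.2.53\n' \
    > "$sample_dir/leaky.conf"

for f in "$sample_dir/good.conf" "$sample_dir/leaky.conf"; do
    if resolver_is_local_only "$f"; then
        echo "$f: all lookups go to the local resolver"
    else
        echo "$f: bypasses the local resolver via:" $(non_local_nameservers "$f")
    fi
done
```

On a real system, call `resolver_is_local_only /etc/resolv.conf` after reconnecting. A leftover DHCP-supplied entry shows up in the output of `non_local_nameservers`.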