rusty-snake edited this page May 19, 2023 · 5 revisions

Technology

Is DoH slower than regular DNS?

According to Mozilla the impact is minimal. The slowest Internet connection I got a chance to test fdns on was a standard 864 kbps DSL. There was no visible difference while browsing.

Is the fallback mode really necessary?

In my experience it is. HTTPS connections kept open for long periods of time tend to misbehave, not to mention if it starts raining.

To give you an idea, on a typical day on Cloudflare the monitor reports about 5000 encrypted requests, with 8 requests sent in clear (fallback mode). Problems appear when you take the computer out of sleep mode. Depending on how long the computer was sleeping, it could take a few seconds to detect the errors and reestablish the HTTPS connection. During this time, the fallback mode kicks in.

If I use fdns, do I still need an adblocker?

Yes, the more the merrier! You can also pick up a DoH provider like CleanBrowsing or Quad9 that does additional security filtering (malware, attack sites, etc).


DevOps

How do I configure Firejail to send all the DNS traffic to fdns by default?

As root user, add the following two lines in /etc/firejail/globals.local. If the file doesn't exist, create it:

$ cat /etc/firejail/globals.local
dns 127.1.1.1
ignore dns

How do I save a list with all the DNS requests?

Start fdns this way:

$ sudo fdns | tee dnslist.txt

If you use systemd to start fdns, add a drop-in override that appends the service's standard output to a file (the StandardOutput= setting belongs in the [Service] section of the override):

$ sudo systemctl edit fdns.service
[Service]
StandardOutput=append:/tmp/fdns-log.txt

How do I check fdns is running in the background?

Run ss and look for sockets open on port 53:

$ sudo ss -nulp
State     Recv-Q    Send-Q       Local Address:Port        Peer Address:Port
[...]
UNCONN    0         0                127.1.1.1:53               0.0.0.0:*        users:(("fdns",pid=4227,fd=11))
UNCONN    0         0                127.1.1.1:53               0.0.0.0:*        users:(("fdns",pid=4226,fd=9))
UNCONN    0         0                127.1.1.1:53               0.0.0.0:*        users:(("fdns",pid=4225,fd=7))

In the default case you get 3 worker processes listening on 127.1.1.1 port 53. Alternatively, use the more traditional ps:

# ps ax | grep fdns
 1069 ?        Ss     0:00 /usr/bin/fdns --daemonize --server=anycast
 1072 ?        S      0:00 /usr/bin/fdns --id=0 --fd=6 --server=adguard
 1073 ?        S      0:00 /usr/bin/fdns --id=1 --fd=8 --server=adguard
 1074 ?        S      0:00 /usr/bin/fdns --id=2 --fd=10 --server=adguard
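The check above can be scripted. The following is an added example, not part of the fdns wiki: it parses `ss -nulp` output and counts the UDP sockets on 127.1.1.1:53 owned by an fdns process. The sample output embedded in the script is constructed to match the layout shown above (with one unrelated socket added); in real use, pass the output of `sudo ss -nulp` instead.

```shell
# Added example (not from the fdns wiki): verify that fdns worker processes
# are listening on 127.1.1.1:53 by parsing the output of `ss -nulp`.
# SAMPLE_SS_OUTPUT is constructed to look like the ss output on this page.

SAMPLE_SS_OUTPUT='State     Recv-Q    Send-Q       Local Address:Port        Peer Address:Port
UNCONN    0         0                127.0.0.1:323              0.0.0.0:*        users:(("chronyd",pid=611,fd=5))
UNCONN    0         0                127.1.1.1:53               0.0.0.0:*        users:(("fdns",pid=4227,fd=11))
UNCONN    0         0                127.1.1.1:53               0.0.0.0:*        users:(("fdns",pid=4226,fd=9))
UNCONN    0         0                127.1.1.1:53               0.0.0.0:*        users:(("fdns",pid=4225,fd=7))'

# Count UDP sockets whose local address is 127.1.1.1:53 (4th column of ss output)
# and whose owning process is named fdns. Prints 0 when nothing matches.
# Usage: count_fdns_listeners "$(sudo ss -nulp)"
count_fdns_listeners() {
    printf '%s\n' "$1" | awk '$4 == "127.1.1.1:53" && index($0, "\"fdns\"") { n++ } END { print n + 0 }'
}

# Succeeds (exit status 0) when exactly the expected number of workers is
# listening; the default of 3 matches the fdns default worker count.
# Usage: fdns_is_running "$(sudo ss -nulp)" [expected_workers]
fdns_is_running() {
    expected="${2:-3}"
    [ "$(count_fdns_listeners "$1")" -eq "$expected" ]
}

# Stand-alone run against the constructed sample output.
if fdns_is_running "$SAMPLE_SS_OUTPUT"; then
    echo "fdns: $(count_fdns_listeners "$SAMPLE_SS_OUTPUT") workers listening on 127.1.1.1:53"
else
    echo "fdns does not appear to be running" >&2
fi
```

Matching on both the socket address and the process name matters: another resolver bound to port 53 on a different loopback address (or a stub listener on 127.0.0.53 from systemd-resolved) would otherwise be mistaken for fdns.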

How do I shut down fdns?

$ sudo pkill fdns

Troubleshooting

Firejail's dns option is not honored by programs

This is a known problem when systemd-resolved is in use. As a workaround, run ldconfig -p | grep libnss_resolve.so.2 to find the path to libnss_resolve.so.2 and blacklist that path in your Firejail profile.

Example:

blacklist /usr/lib/libnss_resolve.so.2