Установил. Прописал локальный днс в /etc/network/interfaces. Слушал через whireshark, там обычные днс запросы идут вместо tls. systemctl status stubby:
tubby.service - DNS Privacy Stub Resolver
Loaded: loaded (/lib/systemd/system/stubby.service; >enabled; vendor preset: enabled)
Active: active (running) since Sun 2019-07-28 10:23:57 +07; 19min ago
Docs: https://dnsprivacy.org/wiki/display/DP/DNS Privacy Daemon - Stubby
Main PID: 1239 (stubby)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/stubby.service
└─1239 /usr/bin/stubby
июл 28 10:23:57 pc systemd[1]: Started DNS Privacy Stub Resolver.
июл 28 10:23:57 pc stubby[1239]: [03:23:57.789012] STUBBY: Read config from file /etc/stubby/stubby.yml
июл 28 10:23:57 pc stubby[1239]: [03:23:57.790758] STUBBY: DNSSEC Validation is OFF
июл 28 10:23:57 pc stubby[1239]: [03:23:57.790773] STUBBY: Transport list is:
июл 28 10:23:57 pc stubby[1239]: [03:23:57.790780] STUBBY: - TLS
июл 28 10:23:57 pc stubby[1239]: [03:23:57.790785] STUBBY: Privacy Usage Profile is Strict (Authentication required)
июл 28 10:23:57 pc stubby[1239]: [03:23:57.790792] STUBBY: (NOTE a Strict Profile only applies when TLS is the ONLY transport!!)
июл 28 10:23:57 pc stubby[1239]: [03:23:57.790798] STUBBY: Starting DAEMON....
/etc/network/interfaces
auto lo
iface lo inet loopback
auto enp9s0
iface enp9s0 inet dhcp
dns-nameservers 127.0.0.1
sudo netstat -lnptu | grep stubby:
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1239/stubby
tcp6 0 0 ::1:53 :::* LISTEN 1239/stubby
udp 0 0 127.0.0.1:53 0.0.0.0:* 1239/stubby
udp6 0 0 ::1:53 :::* 1239/stubby
