Configure DNS Filtering on Linux

Learn how to configure CleanBrowsing DNS on Linux. This guide covers resolv.conf, systemd-resolved, and ConnMan methods that work across all major distributions.

Step 1: Remove and Recreate resolv.conf

Linux stores DNS nameserver configuration in /etc/resolv.conf. This file is used across all major distributions (Ubuntu, Debian, RedHat, CentOS, Fedora, etc.).

Open a terminal and run:

sudo rm /etc/resolv.conf

sudo touch /etc/resolv.conf

Note: DHCP clients may overwrite this file. Step 3 shows how to prevent that.

Step 2: Add CleanBrowsing DNS Servers

Add the CleanBrowsing nameservers to the file:

echo 'nameserver 185.228.168.168' | sudo tee /etc/resolv.conf

echo 'nameserver 185.228.169.168' | sudo tee -a /etc/resolv.conf

This directs all DNS queries through CleanBrowsing's filtering servers.

Note: If you have a paid CleanBrowsing plan, use the DNS IPs provided in your dashboard instead.

Step 3: Make the File Immutable

Prevent DHCP clients and other processes from overwriting your DNS settings:

sudo chattr +i /etc/resolv.conf

This makes the file immutable. To edit it again later, first remove the immutable flag with:

sudo chattr -i /etc/resolv.conf

Step 4: For ConnMan Users

If your system uses the ConnMan network manager, you need to stop the service first, then configure DNS:

sudo /etc/init.d/connman stop

sudo rm /etc/resolv.conf

echo 'nameserver 185.228.168.168' | sudo tee /etc/resolv.conf

echo 'nameserver 185.228.169.168' | sudo tee -a /etc/resolv.conf

sudo chattr +i /etc/resolv.conf

sudo /etc/init.d/networking restart

sudo /etc/init.d/connman start

Step 5: For systemd-resolved Users

Modern distributions (Ubuntu 18.04+, Fedora, etc.) often use systemd-resolved. In this case, edit the resolved configuration:

sudo nano /etc/systemd/resolved.conf

Add or modify the following lines under the [Resolve] section:

DNS=185.228.168.168 185.228.169.168

DNSOverTLS=no

Then restart the service:

sudo systemctl restart systemd-resolved

Step 6: Verify Your Configuration

Check that the DNS servers are configured correctly:

cat /etc/resolv.conf

You should see the CleanBrowsing nameservers listed. You can also test with:

dig cleanbrowsing.org

Or visit dnsleaktest.com in your browser and run the Standard Test. The results should show CleanBrowsing.

Note: Changes may take 10-15 minutes to fully propagate.

Related Guides

Windows

Configure CleanBrowsing DNS on Windows via the command prompt.

View Guide
macOS

Set up DNS filtering on macOS through System Settings.

View Guide
ChromeBook

Set up CleanBrowsing DNS on Google ChromeBook devices.

View Guide

Having trouble?

Check our troubleshooting guide or contact support.

Troubleshooting Guide