Deploy DNS Safety
First, we would need to deploy a virtual server (which eventually will become an instance of DNS Safety) in any of the hosting providers of your choice, for example, in Microsoft Azure, Amazon AWS, Digital Ocean, Linode or, as we do in this tutorial, Hetzner.
Please use Debian 13 as the operating system of that virtual server. DNS Safety is designed to run on Debian 13.
Next, download the archive with installation scripts for DNS Safety 3.1 from https://github.com/diladele/dnssafety/archive/refs/tags/3.1.tar.gz (in future, adjust the link for newer versions of DNS Safety). Upload the archive into the virtual machine and unpack it into the home folder.
Run as root the following commands, note the virtual server will reboot after the first command.
After DNS Safety is installed, be sure to allow the following ports through the firewall.
| Protocol | Port | Description |
|---|---|---|
| TCP | 22 | Allow SSH connections to virtual server from your IP only. |
| ICMP | - | Allow to ping this virtual server from any host on the Internet. |
| UDP | 51820 | Allow incoming VPN connections from any host on the Internet (we will use wireguard to protect this port). |
If you are going to use the same instance of DNS Safety without the VPN also open the following ports.
| Protocol | Port | Description |
|---|---|---|
| TCP | 8000 | Allow HTTP connections from your IP only to Admin UI of DNS Safety. |
| UDP | 53 | Allow incoming DNS requests to DNS Safety from your IP only to let DNS Safety act as DNS server for your network. |
| TCP | 443 | Allow HTTPS connections from your IP only to blocked page server of DNS Safety (if you are using custom page blocking mode). |
| TCP | 80 | Allow HTTP connections from your IP only to blocked page server of DNS Safety (if you are using custom page blocking mode). |
Instructions how to do that specifically are different for different hosting providers, but here we show the screenshot of our Hetzner firewall.
