For Stubby to re-send outgoing DNS queries over TLS the recursive resolvers configured on your machine must be changed to send all the local queries to the loopback interface on which Stubby is listening. It might be useful to note your existing default nameservers before making this change!
- Edit On older systems just edit the /etc/resolv.conf file or on more modern systems update the DNS settings for your distribution e.g. systemd
- Comment out the existing nameserver entries
Add the following (only add the IPv4 address if you don't have IPv6)
nameserver 127.0.0.1 nameserver ::1
- You most likely need to restart the DNS resolver service
You can monitor the traffic using Wireshark watching on port 853.