ScamLens

Linux

NetworkManager (GNOME, KDE, most distros)

# list connections
nmcli con show

# point the active connection at ScamLens (replace 'Wired connection 1')
nmcli con mod "Wired connection 1" ipv4.dns "210.187.49.141" ipv4.ignore-auto-dns yes
nmcli con up "Wired connection 1"

systemd-resolved

sudo tee /etc/systemd/resolved.conf.d/scamlens.conf <<EOF
[Resolve]
DNS=210.187.49.141
DNSStubListener=yes
Domains=~.
EOF
sudo systemctl restart systemd-resolved

Plain /etc/resolv.conf

# Only if you don't run NetworkManager / resolved.
sudo sh -c 'echo "nameserver 210.187.49.141" > /etc/resolv.conf'

Verify: dig paypa1.com — answer should be 210.187.49.141.

Am I protected?
Runs a quick DNS probe against a known test domain.
Troubleshooting
/etc/resolv.conf keeps getting overwritten.
A DHCP client or NetworkManager is managing it. Use the NetworkManager or systemd-resolved method above instead — resolv.conf edits won't stick.
dig still shows 127.0.0.53.
That's systemd-resolved's stub. It proxies your configured DNS — check `resolvectl status` to confirm the upstream is ScamLens.
Firefox has its own DoH that bypasses system DNS.
Disable or point it at the ScamLens DoH URL: Preferences → Privacy & Security → DNS over HTTPS → Custom.