Toy DNS over HTTPS server. https://dns.maze.network/dns-query
maze 7b56df4640 Added --timeout and --redirect 7 months ago
cmd/doh Added --timeout and --redirect 7 months ago
testdata Initial import 7 months ago
.gitignore Initial commit 7 months ago
LICENSE Initial commit 7 months ago
README.md Warning on security 7 months ago
globalip.go Initial import 7 months ago
go.mod Implemented autocert 7 months ago
go.sum Initial import 7 months ago
json.go Initial import 7 months ago
server.go Added --timeout and --redirect 7 months ago
server_google.go Initial import 7 months ago
server_ietf.go Initial import 7 months ago

README.md

doh

Toy DNS over HTTPS server.

This server implements IETF RFC 8484 as well as Cloudflare and Google’s proprietary DNS JSON query formats.

Building

Clone the repository and build the binary using Go (Version >= 1.11):

$ git clone https://git.maze.io/maze/doh
$ cd doh
$ go build -v ./cmd/doh

You should now have a doh binary.

Running

Your server needs an X.509 certificate that clients trust: DoH clients validate the certificate chain and refuse a self-signed or expired one, so a server without a valid certificate does not work at all. Let's Encrypt is a free option.

Running as unprivileged user

It is recommended to run doh as an unprivileged user. If you wish to listen on a privileged port (below 1024) without root, grant the binary the Linux capability to bind such ports instead:

$ sudo setcap cap_net_bind_service=+ep ./doh
$ ./doh -listen=:443

Check the result with `getcap ./doh`. The capability is a file attribute and is lost whenever the binary is replaced, so repeat the setcap step after every rebuild; note also that it applies to whoever executes that file, not only to your service account.

Automatic TLS

Optionally you can use the auto TLS feature, which obtains a certificate via ACME (Let's Encrypt by default) the first time a client connects and caches it under the given directory; the e-mail address is registered as the ACME account contact:

$ ./doh -listen=:443 -autotls /var/cache/doh -email john@example.org

Security consideration: use the -autocert-domains argument to whitelist the domains certificates can be requested for. Without that restriction, any client can trigger an issuance attempt simply by connecting with an arbitrary server name (SNI), which lets a stranger exhaust your ACME rate limits and deny service to your real domain.

Querying

The default path for DNS-over-HTTPS requests is at /dns-query.
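The following Go program is an added example, not code from the doh project, showing what a client must send to that path under RFC 8484 and how to read the answer defensively. It builds a one-question DNS message, encodes it as the unpadded base64url `dns=` parameter of a GET request, and parses a reply; the server URL is the one from this page, and the reply is constructed in the block itself, so nothing is fetched over the network. The encoded query for www.example.com matches the example value given in RFC 8484 section 4.1.1.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
	"net/http"
	"strings"
)

const TypeA uint16 = 1 // QTYPE for IPv4 addresses; QCLASS IN is hard-coded below

// buildQuery builds a one-question RFC 1035 query; ID 0 (RFC 8484 section 4.1) keeps equal questions cacheable.
func buildQuery(name string, qtype uint16) ([]byte, error) {
	msg := []byte{0, 0, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0} // ID=0, RD=1, QDCOUNT=1
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		if len(label) == 0 || len(label) > 63 {
			return nil, fmt.Errorf("invalid label %q in %q", label, name)
		}
		msg = append(append(msg, byte(len(label))), label...)
	}
	msg = append(msg, 0) // root label terminates the name
	return append(msg, byte(qtype>>8), byte(qtype), 0, 1), nil // QTYPE, QCLASS=IN
}

// getRequest sends the message as the dns= parameter, base64url unpadded (RFC 8484 section 6), no escaping needed.
func getRequest(endpoint string, query []byte) (*http.Request, error) {
	u := endpoint + "?dns=" + base64.RawURLEncoding.EncodeToString(query)
	req, err := http.NewRequest(http.MethodGet, u, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Accept", "application/dns-message") // wire format, not JSON
	return req, nil
}

// skipName advances past a possibly compressed name (RFC 1035 section 4.1.4).
func skipName(msg []byte, off int) (int, error) {
	for off < len(msg) {
		l := int(msg[off])
		if l == 0 {
			return off + 1, nil // root label
		}
		if l&0xC0 == 0xC0 {
			return off + 2, nil // two-byte compression pointer ends the name
		}
		off += 1 + l
	}
	return 0, errors.New("name runs past end of message")
}

// parseAnswers checks the header and returns the A records, bounds-checking every read (the server is untrusted).
func parseAnswers(msg []byte) ([]net.IP, error) {
	if len(msg) < 12 || msg[2]&0x80 == 0 {
		return nil, errors.New("not a DNS response")
	}
	if rcode := msg[3] & 0x0F; rcode != 0 {
		return nil, fmt.Errorf("server returned RCODE %d", rcode)
	}
	qd, an := int(binary.BigEndian.Uint16(msg[4:])), int(binary.BigEndian.Uint16(msg[6:]))
	off, err := 12, error(nil)
	for i := 0; i < qd; i++ { // skip the echoed question section
		if off, err = skipName(msg, off); err != nil {
			return nil, err
		}
		off += 4 // QTYPE, QCLASS
	}
	var ips []net.IP
	for i := 0; i < an; i++ {
		if off, err = skipName(msg, off); err != nil || off+10 > len(msg) {
			return nil, errors.New("truncated resource record")
		}
		rtype, rdlen := binary.BigEndian.Uint16(msg[off:]), int(binary.BigEndian.Uint16(msg[off+8:]))
		if off += 10; off+rdlen > len(msg) {
			return nil, errors.New("truncated RDATA")
		}
		if rtype == TypeA && rdlen == net.IPv4len {
			ips = append(ips, net.IP(msg[off:off+rdlen]))
		}
		off += rdlen
	}
	return ips, nil
}

// sampleResponse is a constructed reply, not captured from any server: the query echoed back plus one A record.
func sampleResponse(query []byte) []byte {
	resp := append([]byte(nil), query...)
	resp[2], resp[3], resp[7] = 0x81, 0x80, 1 // QR=1 RD=1 RA=1 RCODE=0; ANCOUNT=1
	return append(resp, 0xC0, 0x0C, 0, 1, 0, 1, 0, 0, 1, 0x2C, 0, 4, 192, 0, 2, 1) // ptr to offset 12, A, IN, TTL 300, len 4, 192.0.2.1
}

func main() {
	query, _ := buildQuery("www.example.com", TypeA)
	req, _ := getRequest("https://dns.maze.network/dns-query", query)
	fmt.Println("GET", req.URL)
	fmt.Println(parseAnswers(sampleResponse(query)))
}
```

A POST variant carries the same bytes as the request body with `Content-Type: application/dns-message` and no `dns=` parameter; it avoids putting the question in URLs and access logs but gives up the HTTP caching that the zero ID makes possible. When sending either form to a live server, also reject any response whose `Content-Type` is not `application/dns-message` before handing it to the parser.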

Testing

cURL (7.62.0 or later, the first release with DNS-over-HTTPS support) can be used to test your server; it resolves the host name through your DoH endpoint and then fetches the page, while -v shows the TLS handshake and the certificate presented by the server:

$ curl -v --doh-url https://dns.maze.network/dns-query icanhazip.com