Toy DNS over HTTPS server. https://dns.maze.network/dns-query
Latest commit: 7b56df4640 "Added --timeout and --redirect" (maze)

Repository contents (with the last commit that touched each entry):

cmd/doh            Added --timeout and --redirect
testdata           Initial import
.gitignore         Initial commit
LICENSE            Initial commit
README.md          Warning on security
globalip.go        Initial import
go.mod             Implemented autocert
go.sum             Initial import
json.go            Initial import
server.go          Added --timeout and --redirect
server_google.go   Initial import
server_ietf.go     Initial import

README.md

doh

Toy DNS over HTTPS server.

This server implements the IETF DNS-over-HTTPS wire format (RFC 8484) as well as the JSON query formats used by Google's and Cloudflare's public resolvers.

Building

Clone the repository and build the binary using Go (version 1.11 or newer, since the project uses Go modules):

$ git clone https://git.maze.io/maze/doh
$ cd doh
$ go build -v ./cmd/doh

You should now have a doh binary.

Running

Your server needs an X.509 certificate that clients trust, for example one issued by Let's Encrypt. DoH clients validate the TLS certificate like any other HTTPS client and will refuse a self-signed certificate or one whose name does not match.

Running as unprivileged user

It is recommended to run doh as an unprivileged user. Binding a privileged port such as 443 then requires the CAP_NET_BIND_SERVICE capability, which you can attach to the binary instead of running the whole process as root:

$ sudo setcap cap_net_bind_service=+ep ./doh
$ ./doh -listen=:443

The capability is stored on that file, so re-run setcap after every rebuild. If you would rather not grant it at all, listen on an unprivileged port and put a reverse proxy or a port redirect in front of doh.

Automatic TLS

Optionally you can use the automatic TLS feature, which obtains a certificate from Let's Encrypt through ACME (Go's autocert) on first use and caches it in the given directory:

$ ./doh -listen=:443 -autotls /var/cache/doh -email john@example.org

The cache directory holds the ACME account key and the certificate private keys, so it should be readable and writable by the doh user only.

Security consideration: use the -autocert-domains argument to allow-list the domains for which certificates may be requested. Without such a list the server tries to obtain a certificate for whatever host name a client puts in its TLS ClientHello (SNI), so anyone who connects to your IP address can trigger ACME orders for arbitrary names. Those orders fail validation, but they count against the CA's rate limits and can leave you unable to issue or renew the certificate you actually need.
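The check behind that allow-list, as an added example that is not part of doh's own code: a function with the shape autocert expects for its HostPolicy field, which approves only exact, case-insensitive matches and refuses wildcards and IP literals before any ACME order is created. How doh itself parses -autocert-domains and wires the policy is not shown on this page, so the wiring in the trailing comment is an assumption.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"strings"
)

// canonicalHost lowercases a name and drops surrounding whitespace and any
// trailing dot, so "DNS.maze.network." and "dns.maze.network" compare equal.
func canonicalHost(h string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(h)), ".")
}

// hostPolicy returns a function with the signature autocert's HostPolicy
// field takes (func(context.Context, string) error). Only exact matches
// against the allow-list pass; subdomains, wildcards and IP literals are
// refused, so no ACME order is ever started for them.
func hostPolicy(allowed []string) func(ctx context.Context, host string) error {
	set := make(map[string]struct{}, len(allowed))
	for _, h := range allowed {
		set[canonicalHost(h)] = struct{}{}
	}
	return func(_ context.Context, host string) error {
		h := canonicalHost(host)
		switch {
		case h == "":
			return fmt.Errorf("autocert: empty host name")
		case strings.Contains(h, "*"):
			return fmt.Errorf("autocert: wildcard %q not allowed", host)
		case net.ParseIP(h) != nil:
			return fmt.Errorf("autocert: IP literal %q not allowed", host)
		}
		if _, ok := set[h]; !ok {
			return fmt.Errorf("autocert: host %q not in allow-list", host)
		}
		return nil
	}
}

// Assumed wiring (autocert is golang.org/x/crypto/acme/autocert; not
// imported here so the example builds without it):
//
//	m := &autocert.Manager{
//		Prompt:     autocert.AcceptTOS,
//		Cache:      autocert.DirCache("/var/cache/doh"),
//		HostPolicy: hostPolicy([]string{"dns.maze.network"}),
//	}
//	srv.TLSConfig = m.TLSConfig()
//
// The weak setting is HostPolicy left nil: autocert then accepts every SNI
// name, and a client connecting by IP with a made-up name triggers an order.
```

autocert ships autocert.HostWhitelist, which performs the same exact-match check (after IDNA normalisation); the version above adds the explicit wildcard and IP refusals so a misconfigured list fails loudly instead of silently ordering nothing.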

Querying

The default path for DNS-over-HTTPS requests is /dns-query. Clients following RFC 8484 send either a GET with the wire-format query base64url-encoded (without padding) in the dns parameter, or a POST with the query as an application/dns-message body; the JSON formats carry the name and record type as plain query parameters instead.
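What a client actually puts on the wire for the RFC 8484 form, as an added example that is not part of doh (the project's own server code is not reproduced here): it builds the DNS wire-format query, derives the GET URL for the /dns-query endpoint, and parses a wire-format answer, checking the QR bit and RCODE and following a compression pointer. The response bytes are constructed for the example, not captured from the server, and nothing here makes a network connection.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
	"strings"
)

// endpoint is the server named in the README; nothing here contacts it.
const endpoint = "https://dns.maze.network/dns-query"

// buildQuery encodes a minimal RFC 1035 query: ID 0 (RFC 8484 section 4.1
// suggests it so responses cache well), RD set, one question in class IN.
func buildQuery(name string, qtype uint16) ([]byte, error) {
	msg := make([]byte, 12)
	msg[2], msg[5] = 0x01, 1 // flags: RD; QDCOUNT = 1
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		if len(label) == 0 || len(label) > 63 {
			return nil, fmt.Errorf("invalid label %q in %q", label, name)
		}
		msg = append(msg, byte(len(label)))
		msg = append(msg, label...)
	}
	// root label, QTYPE, QCLASS IN
	return append(msg, 0, byte(qtype>>8), byte(qtype), 0, 1), nil
}

// wireGetURL is the RFC 8484 GET form: the message base64url-encoded with
// padding stripped (section 6) in the "dns" parameter. The POST form sends
// the same bytes as the body with Content-Type: application/dns-message.
func wireGetURL(query []byte) string {
	return endpoint + "?dns=" + base64.RawURLEncoding.EncodeToString(query)
}

// skipName advances past a (possibly compressed) name starting at off.
func skipName(b []byte, off int) (int, error) {
	for off < len(b) {
		switch l := int(b[off]); {
		case l == 0:
			return off + 1, nil
		case l&0xC0 == 0xC0: // a two-byte compression pointer ends the name
			if off+2 > len(b) {
				return 0, errors.New("truncated pointer")
			}
			return off + 2, nil
		default:
			off += 1 + l
		}
	}
	return 0, errors.New("truncated name")
}

// parseARecords validates the header and returns the IPv4 addresses of the
// A records in the answer section of a wire-format response.
func parseARecords(b []byte) ([]string, error) {
	if len(b) < 12 {
		return nil, errors.New("short header")
	}
	flags := binary.BigEndian.Uint16(b[2:])
	if flags&0x8000 == 0 {
		return nil, errors.New("QR bit clear: not a response")
	}
	if rcode := flags & 0x000F; rcode != 0 {
		return nil, fmt.Errorf("server returned RCODE %d", rcode)
	}
	qd, an := int(binary.BigEndian.Uint16(b[4:])), int(binary.BigEndian.Uint16(b[6:]))
	off, err := 12, error(nil)
	for i := 0; i < qd; i++ { // skip the echoed question section
		if off, err = skipName(b, off); err != nil {
			return nil, err
		}
		off += 4 // QTYPE + QCLASS
	}
	var ips []string
	for i := 0; i < an; i++ {
		if off, err = skipName(b, off); err != nil {
			return nil, err
		}
		if off+10 > len(b) {
			return nil, errors.New("truncated RR header")
		}
		rtype, rdlen := binary.BigEndian.Uint16(b[off:]), int(binary.BigEndian.Uint16(b[off+8:]))
		if off += 10; off+rdlen > len(b) {
			return nil, errors.New("truncated RDATA")
		}
		if rtype == 1 && rdlen == 4 {
			ips = append(ips, net.IP(b[off:off+4]).String())
		}
		off += rdlen
	}
	return ips, nil
}

// sampleResponse is a constructed answer (not a capture) to the query from
// buildQuery("icanhazip.com", 1): the question echoed back, then one A
// record for the documentation address 192.0.2.1.
func sampleResponse() []byte {
	r, _ := buildQuery("icanhazip.com", 1)
	binary.BigEndian.PutUint16(r[2:], 0x8180) // QR, RD, RA; RCODE 0
	binary.BigEndian.PutUint16(r[6:], 1)      // ANCOUNT = 1
	r = append(r, 0xC0, 0x0C)                 // NAME: pointer to the question name at offset 12
	r = append(r, 0, 1, 0, 1, 0, 0, 1, 0x2C)  // TYPE A, CLASS IN, TTL 300
	return append(r, 0, 4, 192, 0, 2, 1)      // RDLENGTH 4, 192.0.2.1
}
```

The parser deliberately refuses anything with the QR bit clear or a non-zero RCODE and bounds-checks every field, because a DoH server (or anything between you and it) hands the client attacker-influenced bytes; a resolver that trusts the answer count without checking lengths is the classic way to read past the buffer.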

Testing

cURL (7.62.0 or newer, which introduced --doh-url) can be used to test your server; replace the URL with your own endpoint:

$ curl -v --doh-url https://dns.maze.network/dns-query icanhazip.com

With -v, curl shows the TLS handshake with the DoH server, so a certificate that clients will not trust shows up as a failed handshake before any DNS query is sent.