Toy DNS over HTTPS server.
Clone the repository and build the binary using Go (Version
$ git clone https://git.maze.io/maze/doh
$ cd doh
$ go build -v ./cmd/doh
You should now have a
Your server needs a valid X.509 certificate: DoH clients refuse to talk to a server whose certificate they cannot verify, so a self-signed certificate only works for clients you have explicitly configured to trust it. Let's Encrypt is one way to obtain a valid certificate.
It is recommended to run doh as an unprivileged user. An unprivileged process cannot bind a port below 1024, so if you want doh on a privileged port such as 443, grant the binary the CAP_NET_BIND_SERVICE file capability instead of running it as root:
$ sudo setcap cap_net_bind_service=+ep ./doh
$ ./doh -listen=:443
The capability is stored on the binary itself, so you have to run setcap again after every rebuild.
Optionally you can use the auto TLS feature, which requests a TLS certificate on the fly and stores it under the given directory:
$ ./doh -listen=:443 -autotls /var/cache/doh -email email@example.com
Security consideration: use the -autocert-domains argument to whitelist the domains for which certificates may be requested; without it, any host name a client presents can trigger a certificate request on your behalf.
The default path for DNS-over-HTTPS requests is at
cURL (7.62 or later, built with DoH support) can be used to test your server: --doh-url makes curl resolve icanhazip.com through your DoH endpoint instead of the system resolver, and -v shows the lookups it performs:
$ curl -v --doh-url https://dns.maze.network/dns-query icanhazip.com