maze
/
doh
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Toy DNS over HTTPS server. https://dns.maze.network/dns-query
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
49 KiB
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
doh/README.md

1.4 KiB
Raw Permalink Blame History

doh

Toy DNS over HTTPS server.

This server implements IETF RFC 8484 as well as Cloudflare and Google's proprietary DNS JSON query formats.

Building

Clone the repository and build the binary using Go (Version >= 1.11):

$ git clone https://git.maze.io/maze/doh
$ cd doh
$ go build -v ./cmd/doh

You should now have a doh binary.

Running

Your server needs a (valid) X.509 certificate to work efficiently, for example use LetsEncrypt.

Running as unprivileged user

It is recommended to run as an unprivileged user, you need to use Linux capabilities if you wish to run doh on a privileged port:

$ sudo setcap cap_net_bind_service=+ep ./doh
$ ./doh -listen=:443

Automatic TLS

Optionally you can use the auto TLS feature, which will request a TLS certificate on the fly:

$ ./doh -listen=:443 -autotls /var/cache/doh -email john@example.org

Security consideration: use the -autocert-domains argument to whitelist what domains certificates can be requested for.

Querying

The default path for DNS-over-HTTPS requests is at /dns-query.

Testing

cURL can be used to test your server:

$ curl -v --doh-url https://dns.maze.network/dns-query icanhazip.com