Toy DNS over HTTPS server.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1.4 KiB


Toy DNS over HTTPS server.

This server implements IETF RFC 8484 as well as Cloudflare and Google's proprietary DNS JSON query formats.


Clone the repository and build the binary using Go (Version >= 1.11):

$ git clone
$ cd doh
$ go build -v ./cmd/doh

You should now have a doh binary.


Your server needs a (valid) X.509 certificate to work efficiently, for example use LetsEncrypt.

Running as unprivileged user

It is recommended to run as an unprivileged user, you need to use Linux capabilities if you wish to run doh on a privileged port:

$ sudo setcap cap_net_bind_service=+ep ./doh
$ ./doh -listen=:443

Automatic TLS

Optionally you can use the auto TLS feature, which will request a TLS certificate on the fly:

$ ./doh -listen=:443 -autotls /var/cache/doh -email

Security consideration: use the -autocert-domains argument to whitelist what domains certificates can be requested for.


The default path for DNS-over-HTTPS requests is at /dns-query.


cURL can be used to test your server:

$ curl -v --doh-url