
How to customize sni/host/ip

Open f4nff opened this issue 3 years ago • 12 comments

curl --connect-to www.baidu.com:443:[2001:4860:4860::8888]:443 -k -H "accept: application/dns-json" -H "Host: dns.google" "https://www.baidu.com:443/resolve?name=cloudflare.com&type=A"

I want to customize sni, host, ip separately, how do I do it?

f4nff (Jun 02 '21 09:06)

There's no functionality for that in dnsproxy

ameshkov (Jun 02 '21 10:06)

I hope dnsproxy will add such a function: customize SNI/host/IP.

f4nff (Jun 02 '21 10:06)

You know what, I think there's a way after all.

Create a DNS stamp: https://dnscrypt.info/stamps

  1. Choose DNS-over-HTTPS
  2. Enter the hostname
  3. Enter the IP address you want to use
  4. Run dnsproxy with --insecure flag
  5. Run dnsproxy with that DNS stamp.

Here's an example of such a stamp: sdns://AgcAAAAAAAAABzguOC44LjgADXJhbmRvbS5kb21haW4KL2Rucy1xdWVyeQ (examine it on dnscrypt.info to see what's inside)

./dnsproxy -u sdns://AgcAAAAAAAAABzguOC44LjgADXJhbmRvbS5kb21haW4KL2Rucy1xdWVyeQ --insecure

ameshkov (Jun 02 '21 10:06)

Only SNI+host can be customized, and SNI and host cannot be separated independently.

f4nff (Jun 02 '21 10:06)

I have tested; SNI, host and ip:port are three independent variables.

f4nff (Jun 02 '21 10:06)

> Only SNI+host can be customized, and SNI and host cannot be separated independently.

DNS stamp allows you to configure all three: (screenshot)

ameshkov (Jun 02 '21 10:06)

With a stamp only host+SNI can be set; host and SNI are given the same value and cannot be set independently.

f4nff (Jun 02 '21 13:06)

SNI is the identifier in the TLS handshake, host is the Host header value of the HTTP protocol, and IP is the connection address. The three values are different.

With a stamp only host=SNI can be set; host and SNI cannot be set separately.

f4nff (Jun 02 '21 13:06)

Yeah, I see. You're right, host+SNI would be the same.

ameshkov (Jun 02 '21 13:06)
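To make the two points above concrete (the stamp recipe ameshkov posted, and f4nff's observation that SNI, Host header and connect address are three different values of which a stamp fixes only two), here is an added Go example that is not part of dnsproxy or of this thread. It decodes the sdns:// stamp from the thread, shows that the stamp carries exactly one hostname field (so SNI and Host are necessarily equal) plus a separate IP, and then builds an http.Transport and request where all three are set independently, the way the curl --connect-to command at the top of the thread does. The stamp layout (protocol byte, 8-byte props, length-prefixed addr, hash list, hostname, path) follows the published DNS stamps format; the function names, the `insecure` flag and the test values are this example's own assumptions.

```go
package main

import (
	"context"
	"crypto/tls"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
)

// DoHStamp holds the fields of a DNS-over-HTTPS stamp (protocol id 0x02).
// There is a single Hostname field: it feeds both the TLS SNI and the HTTP
// Host header, which is why a stamp cannot separate the two.
type DoHStamp struct {
	Props    uint64   // bit flags: 1=DNSSEC, 2=no logs, 4=no filter
	Addr     string   // IP (optionally ip:port) to connect to; may be empty
	Hashes   [][]byte // certificate hashes to pin; empty means none
	Hostname string   // server name, optionally with :port
	Path     string   // URL path of the DoH endpoint
}

// ParseDoHStamp decodes an sdns:// DoH stamp (base64url, no padding).
func ParseDoHStamp(stamp string) (*DoHStamp, error) {
	const prefix = "sdns://"
	if !strings.HasPrefix(stamp, prefix) {
		return nil, errors.New("missing sdns:// prefix")
	}
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimPrefix(stamp, prefix))
	if err != nil {
		return nil, err
	}
	if len(raw) < 9 || raw[0] != 0x02 {
		return nil, errors.New("not a DoH stamp")
	}
	s := &DoHStamp{Props: binary.LittleEndian.Uint64(raw[1:9])}
	pos := 9
	// next reads one length-prefixed field (single length byte).
	next := func() ([]byte, error) {
		if pos >= len(raw) {
			return nil, errors.New("truncated stamp")
		}
		n := int(raw[pos])
		pos++
		if pos+n > len(raw) {
			return nil, errors.New("truncated field")
		}
		b := raw[pos : pos+n]
		pos += n
		return b, nil
	}
	addr, err := next()
	if err != nil {
		return nil, err
	}
	s.Addr = string(addr)
	// Hashes are a variable-length list: a length byte with 0x80 set means
	// another item follows; a single 0x00 means "no hashes".
	for {
		if pos >= len(raw) {
			return nil, errors.New("truncated hash list")
		}
		l := raw[pos]
		pos++
		n := int(l & 0x7f)
		if pos+n > len(raw) {
			return nil, errors.New("truncated hash")
		}
		if n > 0 {
			s.Hashes = append(s.Hashes, raw[pos:pos+n])
		}
		pos += n
		if l&0x80 == 0 {
			break
		}
	}
	host, err := next()
	if err != nil {
		return nil, err
	}
	s.Hostname = string(host)
	path, err := next()
	if err != nil {
		return nil, err
	}
	s.Path = string(path)
	return s, nil
}

// StampConnectionParams derives the three connection knobs a stamp implies:
// the dial address (Addr, falling back to Hostname, default port 443), the
// SNI (Hostname without port) and the Host header (Hostname). SNI and Host
// always come from the same field.
func StampConnectionParams(s *DoHStamp) (dialAddr, sni, host string) {
	host, sni = s.Hostname, s.Hostname
	if h, _, err := net.SplitHostPort(host); err == nil {
		sni = h
	}
	dialAddr = s.Addr
	if dialAddr == "" {
		dialAddr = host
	}
	if _, _, err := net.SplitHostPort(dialAddr); err != nil {
		dialAddr = net.JoinHostPort(dialAddr, "443")
	}
	return dialAddr, sni, host
}

// DecoupledTransport connects every request to dialAddr (ip:port) while
// presenting sni in the TLS ClientHello and validating the certificate
// against it. insecure=true mirrors curl -k / dnsproxy --insecure and turns
// certificate verification off, which is exactly what makes such a setup
// interceptable; leave it false unless you pin the certificate some other way.
func DecoupledTransport(dialAddr, sni string, insecure bool) *http.Transport {
	dialer := &net.Dialer{}
	return &http.Transport{
		DialContext: func(ctx context.Context, network, _ string) (net.Conn, error) {
			return dialer.DialContext(ctx, network, dialAddr) // ignore URL host
		},
		TLSClientConfig: &tls.Config{
			ServerName:         sni,
			InsecureSkipVerify: insecure,
			MinVersion:         tls.VersionTLS12,
		},
		ForceAttemptHTTP2: true,
	}
}

// NewDoHJSONRequest builds the /resolve request from the thread's curl
// command, with the HTTP Host header set independently of the URL host.
func NewDoHJSONRequest(urlHost, hostHeader, name string) (*http.Request, error) {
	u := "https://" + urlHost + "/resolve?name=" + url.QueryEscape(name) + "&type=A"
	req, err := http.NewRequest(http.MethodGet, u, nil)
	if err != nil {
		return nil, err
	}
	req.Host = hostHeader // Go sends req.Host, not the URL host, as the Host header
	req.Header.Set("Accept", "application/dns-json")
	return req, nil
}

func main() {
	s, err := ParseDoHStamp("sdns://AgcAAAAAAAAABzguOC44LjgADXJhbmRvbS5kb21haW4KL2Rucy1xdWVyeQ")
	if err != nil {
		panic(err)
	}
	dial, sni, host := StampConnectionParams(s)
	fmt.Printf("stamp: props=%d addr=%q hostname=%q path=%q hashes=%d\n",
		s.Props, s.Addr, s.Hostname, s.Path, len(s.Hashes))
	fmt.Printf("stamp implies dial=%s sni=%s host=%s (sni == host)\n", dial, sni, host)

	// The decoupled variant from the curl example: three different values.
	tr := DecoupledTransport("[2001:4860:4860::8888]:443", "www.baidu.com", false)
	req, _ := NewDoHJSONRequest("www.baidu.com", "dns.google", "cloudflare.com")
	fmt.Printf("decoupled: sni=%s host=%s url-host=%s\n",
		tr.TLSClientConfig.ServerName, req.Host, req.URL.Host)
}
```

Running main decodes the thread's stamp to addr 8.8.8.8, hostname random.domain, path /dns-query and props 7 (DNSSEC, no logs, no filter), with no certificate hashes. Note that with a real certificate the decoupled setup fails verification unless the server's certificate covers the SNI you chose; that is what --insecure suppresses, and suppressing it hands the DoH session to anyone who can answer at the dial address.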

Because in some places, such as the firewall of China, the SNI dns.google will be blocked, so you can use a specific SNI to evade the firewall.

f4nff (Jun 02 '21 13:06)

  • Option to send no SNI indication to better counter censorship

This repo can disable the SNI indication: https://github.com/compassd/dcompass

honwen (Jun 08 '21 14:06)

@honwen

SNI, host and ip:port being customizable separately is what makes sense.

f4nff (Sep 02 '21 14:09)