
Syntax for config.yaml is not apparent / not as advertised

Open cmjordan42 opened this issue 1 year ago • 4 comments

In /config.yaml.dist it's advertised that to find out the expected syntax for the values in the yaml file, "all the options available can be seen with ./dnsproxy --help". The values offered by --help are not actually valid. I dove into /main.go to try to back into the expected yaml syntax, and dnsproxy appears to parse/accept the yaml file, but it does not start as expected.

  1. Please consider publishing the yaml syntax.
  2. In my case, I'm attempting to start a docker container of adguard/dnsproxy with multiple secure DNS methods and forwarding them upstream to a local DNS server. What is it expecting that I am not properly specifying?

config.yaml:

upstream:
  - "10.1.0.3:53"
fallback:
  - "8.8.8.8"
https-port:
  - 443
tls-port:
  - 853
quic-port:
  - 1853
dnscrypt-port:
  - 2853
ratelimit: 20
upd-buf-size: 1024
ratelimit-subnet-len-ipv4: 24
ratelimit-subnet-len-ipv6: 64
refuse-any: true
tls-cert: "/etc/letsencrypt/live/domain.name.replaced/fullchain.pem"
tls-key: "/etc/letsencrypt/live/domain.name.replaced/privkey.pem"

log from dnsproxy starting with that config:

dnsproxy config path: /opt/dnsproxy/config.yaml
2024/09/17 01:30:18.112330 INFO dnsproxy starting version=v0.73.2 revision=011f37a branch=HEAD commit_time=1726113961
2024/09/17 01:30:18.116575 INFO ratelimit is enabled prefix=dnsproxy rps=20 ipv4_subnet_mask_len=24 ipv6_subnet_mask_len=64
2024/09/17 01:30:18.121138 INFO server will refuse requests of type any prefix=dnsproxy
2024/09/17 01:30:18.121281 INFO upstream mode is set prefix=dnsproxy mode=load_balance
2024/09/17 01:30:18.121337 INFO cache disabled prefix=dnsproxy
2024/09/17 01:30:18.121461 INFO starting dns proxy server prefix=dnsproxy
2024/09/17 01:30:18.121545 INFO creating udp server socket prefix=dnsproxy addr=0.0.0.0:53
2024/09/17 01:30:18.121931 INFO listening to udp prefix=dnsproxy addr=[::]:53
2024/09/17 01:30:18.123777 INFO creating tcp server socket prefix=dnsproxy addr=0.0.0.0:53
2024/09/17 01:30:18.124116 INFO listening to tcp prefix=dnsproxy addr=[::]:53
2024/09/17 01:30:18.128051 INFO entering udp listener loop prefix=dnsproxy addr=[::]:53
2024/09/17 01:30:18.128231 INFO entering listener loop prefix=dnsproxy proto=tcp addr=[::]:53

Thanks.

cmjordan42, Sep 17 '24 01:09

Same here, I need to have a config-based setup and I'm constantly confused here.

greygoody, Sep 19 '24 14:09

Ditto... options for the config.yaml are not documented. Very frustrating!

jeff47, Oct 23 '24 01:10

First, if you build it directly using "go install" then you might end up with "unmarshalling file: yaml: line 2: mapping values are not allowed in this context". Besides, here's the auto-generated yaml scratch based on the data structure in "[REPO_ROOT]/internal/cmd/config.go":

tls-crt: ""
tls-key: ""
https-server-name: ""
https-userinfo: ""
dnscrypt-config: ""
edns-addr: ""
upstream-mode: ""
listen-addrs: []
listen-ports: []
https-port: []
tls-port: []
quic-port: []
dnscrypt-port: []
upstream: []
bootstrap: []
fallback: []
private-rdns-upstream: []
dns64-prefix: []
private-subnets: []
bogus-nxdomain: []
hosts-files: []
timeout: 10s
cache-min-ttl: 0
cache-max-ttl: 0
cache-size: 0
ratelimit: 0
ratelimit-subnet-len-ipv4: 0
ratelimit-subnet-len-ipv6: 0
udp-buf-size: 0
max-go-routines: 0
tls-min-version: 0.0
tls-max-version: 0.0
hosts-file-enabled: false
pprof: false
version: false
verbose: false
insecure: false
ipv6-disabled: false
http3: false
cache-optimistic: false
cache: false
refuse-any: false
edns: false
dns64: false
use-private-rdns: false

P.S. I know little about yaml, and that's as far as I can "go".

Kihara777, Jan 29 '25 03:01
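The key list above is exactly what a config file has to match, and the opening post's config contains two keys that are not in it. The following checker is an added example, not part of the thread or of the dnsproxy project: it extracts the top-level keys of a flat dnsproxy-style YAML file with the standard library only (no PyYAML) and reports any key that is not in the struct-derived list, with the closest known option as a hint. The known-key set is copied from the dump above and is assumed to match the v0.73.x struct; check it against your own build.

```python
import difflib
import re

# Option names copied from the struct-derived dump posted in this thread
# (internal/cmd/config.go); assumed to match dnsproxy v0.73.x, verify locally.
KNOWN_KEYS = {
    "tls-crt", "tls-key", "https-server-name", "https-userinfo", "dnscrypt-config",
    "edns-addr", "upstream-mode", "listen-addrs", "listen-ports", "https-port",
    "tls-port", "quic-port", "dnscrypt-port", "upstream", "bootstrap", "fallback",
    "private-rdns-upstream", "dns64-prefix", "private-subnets", "bogus-nxdomain",
    "hosts-files", "timeout", "cache-min-ttl", "cache-max-ttl", "cache-size",
    "ratelimit", "ratelimit-subnet-len-ipv4", "ratelimit-subnet-len-ipv6",
    "udp-buf-size", "max-go-routines", "tls-min-version", "tls-max-version",
    "hosts-file-enabled", "pprof", "version", "verbose", "insecure",
    "ipv6-disabled", "http3", "cache-optimistic", "cache", "refuse-any", "edns",
    "dns64", "use-private-rdns",
}

def top_level_keys(text):
    """Return the unindented 'key:' names of a flat YAML mapping, in file order.
    Indented '- item' lines, blank lines and '#' comments are ignored."""
    return [m.group(1) for m in
            (re.match(r"^([A-Za-z0-9_-]+)\s*:", line) for line in text.splitlines())
            if m]

def check_config(text, known=KNOWN_KEYS):
    """Map each unknown top-level key to the closest known option (or None)."""
    problems = {}
    for key in top_level_keys(text):
        if key not in known:
            close = difflib.get_close_matches(key, known, n=1, cutoff=0.6)
            problems[key] = close[0] if close else None
    return problems

# Constructed sample: the config from the opening post of this thread.
SAMPLE = """upstream:
  - "10.1.0.3:53"
fallback:
  - "8.8.8.8"
https-port:
  - 443
tls-port:
  - 853
ratelimit: 20
upd-buf-size: 1024
refuse-any: true
tls-cert: "/etc/letsencrypt/live/domain.name.replaced/fullchain.pem"
tls-key: "/etc/letsencrypt/live/domain.name.replaced/privkey.pem"
"""

if __name__ == "__main__":
    for bad, hint in check_config(SAMPLE).items():
        print(f"unknown option {bad!r}" + (f", did you mean {hint!r}?" if hint else ""))
```

Run against the sample it flags `tls-cert` (should be `tls-crt`) and `upd-buf-size` (should be `udp-buf-size`); a silently ignored `tls-crt` is consistent with the log in the opening post, where only the plain port 53 listeners come up.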

I was able to determine what I needed to change by using the information I found here: https://deepwiki.com/AdguardTeam/dnsproxy/7-configuration-and-deployment

This let me set QUIC properly as the upstream DNS server. The bootstrap is necessary to leave as plaintext DNS (i.e. "1.1.1.1:53") to resolve the hostname of the encrypted DNS domain-name/fqdn upstream value in the config.

Since I am on Linux I verified the service file located at /usr/lib/systemd/system/dnsproxy.service had the executable value set to ExecStart=/usr/bin/dnsproxy --config-path=/etc/dnsproxy/dnsproxy.yaml so I edited the config file /etc/dnsproxy/dnsproxy.yaml with my preferred upstream DNS server (dummy example:

upstream:
  - "quic://0000000.d.adguard-dns.com"

)

ShadowVoyd, Aug 17 '25 23:08