
[Feature Request] DnsOverTls support

Open pawankanumalli opened this issue 3 years ago • 6 comments

Hi,

I've been using this great app to serve doh for all my devices. It is a fantastic app.

Is there any way we can extend this to listen to DnsOverTLS requests also? Or has anyone already forked and extended this to perform DOT also?

pawankanumalli avatar May 12 '21 14:05 pawankanumalli

DoT and DoH are completely different protocols. Implementing DoT would require around 30% of work.

However, I will not implement DoT by myself. The reason is simple: This protocol cannot work in China. DoT has very obvious traffic pattern and can be easily detected and blocked by a nationwide firewall.

I understand that DoT can still work in most other countries and regions. I would leave the task to others because by making sure all features I included are well tested, I can maintain the high quality of the software.

m13253 avatar May 12 '21 14:05 m13253

Hi, thank you for the quick reply. Much appreciated. I will keep following this thread to see if anyone is interested in implementing DOT. Happy to donate if someone comes forward...

pawankanumalli avatar May 12 '21 14:05 pawankanumalli

We use unbound for DoT and this project for DoH which works fine.

Showfom avatar May 12 '21 14:05 Showfom

If you need DoT and you are using Nginx as a proxy, it is pretty simple; just add this to your nginx.conf file:

stream {
        server {
                listen                  *:853 ssl;
                proxy_pass              ipofyourdnsresolver:port;  # e.g. 127.0.0.1:53
        }

        ssl_certificate /etc/letsencrypt/live/site.yourdomain/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/site.yourdomain/privkey.pem;
}

w14w16 avatar Jun 30 '21 14:06 w14w16

If you need DoT and you are using Nginx as a proxy, it is pretty simple; just add this to your nginx.conf file:

Wow! So easy!

m13253 avatar Jun 30 '21 14:06 m13253

The DoT service can also be provided by running an stunnel instance to wrap dnsmasq (or any other resolver of your choice listening on a TCP port). So we don't need a standalone daemon to provide the DoT service.

Suggest closing this issue.

alicaccs avatar Jun 02 '22 09:06 alicaccs
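An added example, not from this project or from any commenter, for checking that a DoT front end such as the nginx stream block or the stunnel wrapper described above actually works: it opens a certificate-verified TLS session to port 853, sends one DNS query framed with the 2-byte length prefix that DNS over TCP/TLS requires, and decodes the reply header. The server hostname and the queried name are assumptions passed in by the caller.

```python
import socket
import ssl
import struct


def build_dot_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Constructed DNS wire-format query (RFC 1035) with the TCP/DoT length prefix."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack(">HH", qtype, 1)  # qtype, class IN
    return struct.pack(">H", len(msg)) + msg  # 2-byte big-endian length prefix


def parse_dot_response(frame: bytes, expected_txid: int = 0x1234) -> dict:
    """Strip the length prefix and decode the reply header; reject truncated frames."""
    (length,) = struct.unpack(">H", frame[:2])
    msg = frame[2:2 + length]
    if len(msg) != length:
        raise ValueError("truncated DoT frame")
    txid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    return {"qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "answers": an}


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed connection mid-frame")
        buf += chunk
    return buf


def check_dot_server(host: str, name: str = "example.com", port: int = 853,
                     timeout: float = 5.0) -> dict:
    """Verified TLS to <host>:853, one query, decoded reply (network call)."""
    ctx = ssl.create_default_context()  # validates the cert chain and hostname
    raw = socket.create_connection((host, port), timeout=timeout)
    with ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(build_dot_query(name))
        hdr = _recv_exact(tls, 2)
        (length,) = struct.unpack(">H", hdr)
        return parse_dot_response(hdr + _recv_exact(tls, length))


if __name__ == "__main__":
    import sys
    print(check_dot_server(sys.argv[1]))  # e.g. python dot_check.py dot.yourdomain
```

A reply with `qr` set and `rcode` 0 shows that TLS terminated at the proxy and the query reached the backend resolver; a `ConnectionError` or TLS failure points at the listener or certificate configuration instead.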

I have added the instructions here: #133

Thanks!

gdm85 avatar Sep 03 '22 08:09 gdm85