dns-over-https
[Feature Request] DnsOverTls support
Hi,
I've been using this great app to serve DoH for all my devices. It is a fantastic app.
Is there any way we can extend this to listen for DNS-over-TLS requests as well? Or has anyone already forked and extended this to perform DoT too?
DoT and DoH are completely different protocols. Implementing DoT would require around 30% of the work.
However, I will not implement DoT myself. The reason is simple: this protocol cannot work in China. DoT has a very obvious traffic pattern and can be easily detected and blocked by a nationwide firewall.
I understand that DoT can still work in most other countries and regions. I would leave the task to others because, by making sure all the features I include are well tested, I can maintain the high quality of the software.
Hi, thank you for the quick reply. Much appreciated. I will keep following this thread to see if anyone is interested in implementing DoT. Happy to donate if someone comes forward...
We use unbound for DoT and this project for DoH which works fine.
If you need DoT and you are using Nginx as a proxy, it is pretty simple: just add this to your nginx.conf file:
stream {
    server {
        listen *:853 ssl;
        # TCP address:port of your DNS resolver, e.g. 127.0.0.1:53
        proxy_pass ipofyourdnsresolver:port;
    }
    ssl_certificate /etc/letsencrypt/live/site.yourdomain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/site.yourdomain/privkey.pem;
}
Wow! So easy!
The DoT service can also be provided by running a stunnel instance to wrap dnsmasq (or any other resolver of your choice listening on a TCP port). So we don't need a standalone daemon to provide the DoT service.
Suggest closing this issue.
I have added the instructions here: #133
Thanks!