DNS Resolver Infrastructure

Infrastructure Overview

acme.sh (TLS certificate generation for haproxy)
nsd (OpenNIC)
- unbound (DNS Resolver)
  - dnscrypt-server (dnscrypt)
  - doh-proxy or m13253-doh
    - haproxy (DNS-over-HTTPS)
  - haproxy (DNS-over-TLS)

Getting started

Quick start**

git clone https://github.com/publicarray/dns-resolver-infra.git && cd dns-resolver-infra
# Add Cloudflare cedentials for acme.sh / TLS certificates
echo 'CF_TOKEN=xxxx' >> .env
echo 'CF_ACCOUNT_ID=xxxx' >> .env
echo 'CF_ZONE_ID=xxxx' >> .env

./deploy.sh

Docker Compose

# Build Images or pull them:
docker-compose pull

# Add Cloudflare cedentials for acme.sh / TLS certificates
echo 'CF_TOKEN=xxxx' >> .env
echo 'CF_ACCOUNT_ID=xxxx' >> .env
echo 'CF_ZONE_ID=xxxx' >> .env

# # Setup CA
# docker-compose run acme --register-account -m [email protected]
# # or
# docker-compose run acme.sh --set-default-ca --server letsencrypt

# Launch
docker-compose up -d

Usage with Docker-Swarm
Usage with Kubernetes

sysctl

sysctl net.ipv4.tcp_congestion_control=bbr

dns-resolver-infra
dns-resolver-infra copied to clipboard

Metadata

DNS Resolver Infrastructure

Infrastructure Overview

Getting started

Quick start**

Docker Compose

sysctl

← Metadata

Owner

Metadata

dns-resolver-infra dns-resolver-infra copied to clipboard

Metadata

DNS Resolver Infrastructure

Infrastructure Overview

Getting started

Quick start**

Docker Compose

sysctl

← Metadata

Owner

Metadata

dns-resolver-infra
dns-resolver-infra copied to clipboard