dns-proxy

dns-proxy provides DNS (UDP and TCP) and DoT (DNS-over-TLS) endpoints and redirects all DNS requests to defined DoH (DNS-over-HTTPS) server(s).

Configuration

| Variable | Example | Description |
|---|---|---|
| TLS_DOMAIN | my.duckdns.org | Domain name without wildcards. Used to create the wildcard certificate and to check incoming connections |
| DNS_PROVIDER | duckdns | One of the supported providers from https://go-acme.github.io/lego/dns/ |
| DUCKDNS_TOKEN | 1fff-111-... | Provider-specific token, see https://go-acme.github.io/lego/dns/ for further information |
| CERT_DIR | /opt/certs | Directory for generated certificates. Default: ./certs |
| EMAIL | [email protected] | Registration email address for Let's Encrypt |
| LOG_LEVEL | debug | Log level. One of 'trace, debug, info, warn, error, fatal'. Default: info |
| PREFERRED_CHAIN | ISRG Root X1 | Preferred certificate chain to use. Default: "ISRG Root X1" |
| UPSTREAM_DOH | http://192.168.178.3:4000/dns-query,https://cloudflare-dns.com/dns-query | Comma-separated list of upstream DoH DNS resolvers. The placeholder _CLIENTID_ is automatically replaced with the client id (only for TLS connections, taken from the subdomain) |
| UPSTREAM_RETRY_CNT | 2 | Number of retry attempts before the fallback resolver is invoked. Default: 2 |
| RENEW_THRESHOLD_DAYS | 7 | Renew the certificate if it expires in X or fewer days. Default: 7 |
| UPSTREAM_TIMEOUT | 1s | Timeout for the upstream DoH request. Default: 1s |
| FALLBACK_DOH | https://cloudflare-dns.com/dns-query | Fallback upstream DoH server, used if upstream DoH requests fail. Default: https://cloudflare-dns.com/dns-query |

Example with docker-compose and blocky

dns-proxy as a DoT endpoint with a Let's Encrypt certificate and the duckdns domain "test.duckdns.org". It uses 2 blocky instances as DoH resolvers (192.168.178.3 and 192.168.178.5). Clients can use either "test.duckdns.org" for anonymous access or "XXX.test.duckdns.org" for named access (in this case XXX is passed to blocky as the client name for logging and filtering purposes).

version: "2.1"
services:
  dns-proxy:
    image: ghcr.io/0xerr0r/dns-proxy
    container_name: dns-proxy
    restart: always
    ports:
      - "853:853"
      - "53:53"
    environment:
      - TZ=Europe/Berlin
      - TLS_DOMAIN=test.duckdns.org
      - DNS_PROVIDER=duckdns
      - DUCKDNS_TOKEN=1df927c4-YOUR_TOKEN_HERE-XXX
      - EMAIL=[email protected]  # registration email address for Let's Encrypt
      - LOG_LEVEL=info
      - UPSTREAM_DOH=http://192.168.178.3:4000/dns-query/_CLIENTID_,http://192.168.178.5:4000/dns-query/_CLIENTID_
    volumes:
      - certs:/app/certs
volumes:
  certs:
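
With named access the client name comes from the TLS server name, which the connecting client chooses, so it is worth validating before it is substituted for _CLIENTID_ in the upstream URL. The following Go code is an added example, not dns-proxy's own implementation; the function names, the single-DNS-label rule and the empty id for anonymous clients are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Assumption: a client id is exactly one DNS label; SNI is client-controlled input.
var labelRe = regexp.MustCompile(`^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$`)
var errForeignName = errors.New("server name is outside TLS_DOMAIN")
var errBadClientID = errors.New("client id is not a single valid DNS label")

// clientIDFromSNI returns "" for the bare domain (anonymous) or the validated subdomain label.
func clientIDFromSNI(serverName, tlsDomain string) (string, error) {
	name := strings.ToLower(strings.TrimSuffix(serverName, "."))
	domain := strings.ToLower(tlsDomain)
	if name == domain {
		return "", nil
	}
	if !strings.HasSuffix(name, "."+domain) {
		return "", errForeignName
	}
	id := strings.TrimSuffix(name, "."+domain)
	if !labelRe.MatchString(id) {
		return "", errBadClientID
	}
	return id, nil
}

// upstreamURLs expands _CLIENTID_ in a comma separated UPSTREAM_DOH value.
// Assumption: anonymous clients are sent with an empty id.
func upstreamURLs(upstreamDoH, clientID string) (urls []string) {
	for _, u := range strings.Split(upstreamDoH, ",") {
		if u = strings.TrimSpace(u); u != "" {
			urls = append(urls, strings.ReplaceAll(u, "_CLIENTID_", clientID))
		}
	}
	return urls
}

func main() {
	for _, sni := range []string{"laptop.test.duckdns.org", "a.b.test.duckdns.org", "other.example.org"} { // constructed SNI values
		id, err := clientIDFromSNI(sni, "test.duckdns.org")
		fmt.Printf("%-24s id=%q err=%v\n", sni, id, err)
	}
	fmt.Println(upstreamURLs("http://192.168.178.3:4000/dns-query/_CLIENTID_", "laptop"))
}
```

Rejecting multi-label and out-of-domain names keeps characters such as "." and "/" out of the upstream request path and matches what a single-level wildcard certificate can cover.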

Contributors

0xerr0r
