Skip to content

hardillb/dns-over-https

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
.github
.github
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
dns-to-https-proxy.js
dns-to-https-proxy.js
 
 
https-to-dns-proxy.js
https-to-dns-proxy.js
 
 
mkCert.sh
mkCert.sh
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
rcodes.js
rcodes.js
 
 
types.js
types.js
 
 

Repository files navigation

A Basic DNS-Over-HTTPS implementation

Following the anouncement from Mozilla, Cloudflare and Google and starting a trial of DNS-Over-HTTPS I thought it might be useful to look at how to implement my own server.

At the moment there are 2 competing standards.

JSON

The spec for the Google implementation can be found here.

Wireformat

The RFC for this is available here

Running

HTTPS-to-DNS proxy

This lets you offer DNS-over-HTTPS for your own DNS server.

First you need to SSL certificate for your server because the broker will only request DNS lookups from a secure server. Normally I'd go with Letsencrypt but unfortunately they won't issue a certificate for a raw IP address.

If you don't want to pay for a "real" certificate I've included a script to build a self signed for the IP address you are going to run this on.

./mkCert.sh 192.168.1.1

You will be asked for a password 3 times, this will not be needed again but needs to match all 3 times.

To run on the default port 443 and query the Google 8.8.8.8 DNS server then use the following:

node https-to-dns-proxy.js

You can change the DNS server to query by passing it on the command line:

node https-to-dns-proxy.js 192.168.1.1

Once running point https://<ip-address>/test and accept the security exception to import and trust the certificate.

Configuring Firefox (version 60 or newer)

  • Enter about:config in the address bar
  • search for network.trr
  • change network.trr.mode to either 1, 2 or 3.
    • 1 Firefox pick the quickest
    • 2 Firefox trys DNS-Over-HTTPS first and falls back to DNS
    • 3 Firefox only uses DNS-Over-HTTPS
  • change network.trr.uri to https://<ip-address>/query
  • change network.trr.bootstrapAddress to <ip-address>

DNS-to-HTTPS proxy

This lets you proxy normal DNS queries to a DNS-over-HTTPS enabled server.

By default this will try to bind to port 53 which will require admin level access. On Linux you can get with with sudo.

sudo node dns-to-https-proxy

You can change the port it binds to by setting the DNS_PORT environment variable

  • DNS_PORT used to set the port
  • DNS_URL used to set the URL for the DNS-over-HTTPS endpoint
  • DNS_INSECURE used for testing to allow untrusted certificates for the DNS_URL

TODO

  • Add HTTP/2 support
  • More testing

About

A quick and dirty implmentation of DNS-Over-HTTP

Resources

Readme

License

Apache-2.0 license
Activity

Stars

12 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases

No releases published

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Contributors 2

  •  
  •  

Languages