12 ตุลาคม 2567

Local DoH/DoT with CoreDNS

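# Corefile
# Plain-DNS resolver used internally only: the DoH/DoT blocks below forward
# to it on 127.0.0.1, and the docker run that loads this file does not
# publish port 53. CoreDNS's Corefile parser expects whitespace before "{"
# (".:53{" is not the documented form), so the brace is separated here.
.:53 {
    # Bind the plain listener to loopback so it is not reachable from other
    # containers on the same Docker network; drop this line if you later
    # publish 53 with docker -p.
    bind 127.0.0.1
    # Upstream over DoT. tls_servername makes CoreDNS validate the upstream
    # certificate against cloudflare-dns.com instead of the bare IP.
    forward . tls://1.1.1.1 tls://1.0.0.1 {
        tls_servername cloudflare-dns.com
    }
}
# DoH listener (CoreDNS serves DoH on /dns-query).
# NOTE(review): there is no client restriction on 443/853 - if they are
# reachable from the Internet this is an open resolver. Limit exposure at
# the firewall / docker -p host binding, or restrict clients with CoreDNS's
# acl plugin.
https://.:443 {
    tls /etc/coredns/certs/domain.tld.crt /etc/coredns/certs/domain.tld.key
    forward . 127.0.0.1
}
# DoT listener, same certificate and key.
tls://.:853 {
    tls /etc/coredns/certs/domain.tld.crt /etc/coredns/certs/domain.tld.key
    forward . 127.0.0.1
}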


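# Run CoreDNS with the Corefile above. Notes:
# - "$PWD" is quoted so paths with spaces survive; the mounts are :ro so the
#   container cannot modify the Corefile, certificate or private key.
#   Keep the key's host-side permissions tight as well.
# - -p without a host address binds 443/853 on every interface; use
#   -p 127.0.0.1:443:443 (or a LAN address) if this should stay "local".
# - Port 53 is deliberately not published: the DoH/DoT blocks reach the
#   plain listener on 127.0.0.1 inside the container.
# - Pin the image tag or digest instead of :latest in real use so the
#   resolver you deploy is reproducible and not silently replaced on pull.
$ docker run --rm -d --name coredns \
    -p 443:443/tcp -p 853:853/tcp \
    -v "$PWD/Corefile:/etc/coredns/Corefile:ro" \
    -v "$PWD/domain.tld.crt:/etc/coredns/certs/domain.tld.crt:ro" \
    -v "$PWD/domain.tld.key:/etc/coredns/certs/domain.tld.key:ro" \
    coredns/coredns:latest \
    -conf /etc/coredns/Corefile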

 

 https://coredns.io/plugins/tls/

Local DoH/DoT with adguard/dnsproxy

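# Run dnsproxy serving plain DNS (53), DoH (443) and DoT (853).
# - -u is the DoH upstream; -b is the bootstrap resolver, a plain-DNS server
#   used only to resolve the upstream's hostname (dns.adguard.com).
# - The docker -p lines bind every port on all host interfaces, including
#   plain DNS on 53; on an Internet-facing host that is an open resolver.
#   Prefer -p 127.0.0.1:53:53/udp (or a LAN address), or drop the 53
#   mappings and use the DoH/DoT-only variant below.
# - "$PWD" is quoted and the cert/key mounts are :ro so the container
#   cannot alter them. Pin the image tag/digest instead of :latest.
$ docker run --rm -d --name dnsproxy \
-p 53:53/udp -p 53:53/tcp -p 443:443/tcp -p 853:853/tcp \
-v "$PWD/domain.tld.crt:/opt/dnsproxy/domain.tld.crt:ro" \
-v "$PWD/domain.tld.key:/opt/dnsproxy/domain.tld.key:ro" \
adguard/dnsproxy:latest \
-u https://dns.adguard.com/dns-query -b 1.1.1.1:53 \
--https-port=443 --tls-port=853 \
--tls-crt=/opt/dnsproxy/domain.tld.crt \
--tls-key=/opt/dnsproxy/domain.tld.key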


# `-p 0` in the command below is dnsproxy's own listening-port flag (not Docker's `-p`): it disables the plain-DNS listener so the container only serves DoH/DoT on 443/853, which is why the 53 port mappings are dropped there. dnsproxy's Basic Auth check on DoH is a separate option (its https-userinfo setting, see the README linked below); the command below does not configure it, so this setup requires no client credentials.

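# DoH/DoT-only variant: dnsproxy's -p 0 (last line) turns off its plain-DNS
# listener, so only 443 and 853 are published. 443/853 still bind on all
# host interfaces; use -p 127.0.0.1:443:443 or a LAN address to keep the
# resolver local. "$PWD" is quoted and the cert/key mounts are :ro so the
# container cannot alter them. Pin the image tag/digest instead of :latest.
$ docker run --rm -d --name dnsproxy \
-p 443:443/tcp -p 853:853/tcp \
-v "$PWD/domain.tld.crt:/opt/dnsproxy/domain.tld.crt:ro" \
-v "$PWD/domain.tld.key:/opt/dnsproxy/domain.tld.key:ro" \
adguard/dnsproxy:latest \
-u https://dns.adguard.com/dns-query -b 1.1.1.1:53 \
--https-port=443 --tls-port=853 \
--tls-crt=/opt/dnsproxy/domain.tld.crt \
--tls-key=/opt/dnsproxy/domain.tld.key \
-p 0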

https://hub.docker.com/r/adguard/dnsproxy
https://github.com/AdguardTeam/dnsproxy