2021-01-01 12:06:41 +00:00
|
|
|
# DOT DOH with haproxy
|
2021-01-01 12:12:39 +00:00
|
|
|
|
2021-01-01 12:29:28 +00:00
|
|
|
**[Mozilla ssl-config](https://ssl-config.mozilla.org/)**
|
2021-01-01 12:12:39 +00:00
|
|
|
|
2021-01-01 12:20:16 +00:00
|
|
|
**!!! denylist.rpz and allowlist.rpz are made for my _private_ use and will _cause_ problem with _some_ domain !!!**
|
|
|
|
|
|
2021-01-01 12:06:41 +00:00
|
|
|
```
|
|
|
|
|
Query
|
|
|
|
|
Dns-over-TLS
|
|
|
|
|
---------------------> Haproxy(Frontend) -----------------------------> Knot-resolver
|
|
|
|
|
Cluster Listen(TCP/443/853) Listen(Local/dns)
|
|
|
|
|
---------------------> (HTTP/443) -------> m13253/DOH ------->
|
|
|
|
|
Dns-over-HTTPS Listen(Local/http)
|
|
|
|
|
```
|
|
|
|
|
# Server structure
|
|
|
|
|
```
|
|
|
|
|
Server(or instances)
|
|
|
|
|
|
|
|
|
|
|
|----> Frontend-DOH (Haproxy 443 http TLS 1.3 strict-sni hdr/host/ ssl)
|
|
|
|
|
| |----> DOH (m13253/dns-over-https local)
|
|
|
|
|
| |---------------------------------------------------------------|
|
|
|
|
|
|----> Frontend-DOT (Haproxy 443 853 tcp TLS 1.3 strict-sni ssl_fc_sni ssl) v
|
|
|
|
|
|--------------------------------------------------------------> Dns Resolver (Knot-resolver dns local)
|
|
|
|
|
|
|
|
|
|
```
|
2021-01-01 12:29:28 +00:00
|
|
|
|
|
|
|
|
# Recommendation
|
|
|
|
|
1. [knot-resolver](https://knot-resolver.cz) **Recommend** using upstream repository on debian
|
2021-01-02 14:40:57 +00:00
|
|
|
2. Download.sh **Recommend** if you want to download all the default filters used in kresd.conf(knot-resolver configuration)
|
2021-01-02 15:04:04 +00:00
|
|
|
|
|
|
|
|
# Mirror / Fork
|
|
|
|
|
[notabug.org](https://notabug.org/lottanorta/doh-dot-haproxy)
|
