2021-01-01 12:06:41 +00:00
# DOT DOH with haproxy
[Mozilla ssl-config](https://ssl-config.mozilla.org/)

**!!! denylist.rpz and allowlist.rpz are made for my _private_ use and will _cause_ problems with _some_ domains !!!**
```
Query
             Dns-over-TLS
        ---------------------> Haproxy(Frontend) -----------------------------> Knot-resolver
Cluster                        Listen(TCP/443/853)                              Listen(Local/dns)
        ---------------------> (HTTP/443) -------> m13253/DOH ------->
             Dns-over-HTTPS                        Listen(Local/http)
```
# Server structure
```
Server(or instances)
|
|----> Frontend-DOH (Haproxy 443 http TLS 1.3 strict-sni hdr/host/ ssl)
|           |----> DOH (m13253/dns-over-https local)
|           |---------------------------------------------------------------|
|----> Frontend-DOT (Haproxy 443 853 tcp TLS 1.3 strict-sni ssl_fc_sni ssl)  v
            |--------------------------------------------------------------> Dns Resolver (Knot-resolver dns local)
```