diff --git a/README.md b/README.md index b08f81b..fdae3d8 100644 --- a/README.md +++ b/README.md @@ -1,32 +1,24 @@ # DOT DOH with haproxy -**[Mozilla ssl-config](https://ssl-config.mozilla.org/)** - **!!! denylist.rpz and allowlist.rpz are made for my _private_ use and will _cause_ problem with _some_ domain !!!** ``` Query Dns-over-TLS - ---------------------> Haproxy(Frontend) -----------------------------> Knot-resolver - Cluster Listen(TCP/443/853) Listen(Local/dns) - ---------------------> (HTTP/443) -------> m13253/DOH -------> - Dns-over-HTTPS Listen(Local/http) -``` -# Server structure -``` - Server(or instances) - | - |----> Frontend-DOH (Haproxy 443 http TLS 1.3 strict-sni hdr/host/ ssl) - | |----> DOH (m13253/dns-over-https local) - | |---------------------------------------------------------------| - |----> Frontend-DOT (Haproxy 443 853 tcp TLS 1.3 strict-sni ssl_fc_sni ssl) v - |--------------------------------------------------------------> Dns Resolver (Knot-resolver dns local) - + ---------------------> Haproxy(Frontend) -----------------------------> +Cluster Listen(TCP/443/853) + ---------------------> (HTTP/443) -------> m13253/DOH -------> Knot-resolver + Dns-over-HTTPS Listen(Local/http)Listen(Local/dns) + DNSCrypt v2 + ---------------------> jedisct1/Encrypted DNS Server -------------------> + Listen(TCP/UDP/8443) ``` # Recommendation 1. [knot-resolver](https://knot-resolver.cz) **Recommend** using upstream repository on debian 2. Download.sh **Recommend** if you want to download all the default filters used in kresd.conf(knot-resolver configuration) +3. [jedisct1/Encrypted-dns-server](https://github.com/jedisct1/encrypted-dns-server) is recommended if you are looking for an easy way to start a DNSCrypt server +4. [Mozilla ssl-config](https://ssl-config.mozilla.org/) is recommended if you are looking for a sample TLS/SSL configuration for your Server Software # Mirror / Fork [notabug.org](https://notabug.org/lottanorta/doh-dot-haproxy)
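Review bot: The removed "# Server structure" block was the only place this README stated the frontend settings (TLS 1.3, strict-sni, hdr/host for the DOH frontend, ssl_fc_sni for the DOT frontend on 443 and 853), and nothing in the added lines replaces it. Consider keeping a short version of that block or folding those details into the new diagram. In the added diagram, the DNSCrypt v2 row reaches jedisct1/Encrypted DNS Server on `Listen(TCP/UDP/8443)` with no Haproxy in front of it. If that listener is exposed directly, say so, because readers will otherwise assume every path goes through the Haproxy frontend. Also label where that row's arrow ends, since the Knot-resolver label now sits only on the DOH row. Two smaller points: `Listen(Local/http)Listen(Local/dns)` has lost the spacing between its two labels, and items 3 and 4 use "is recommended" while items 1 and 2 use "**Recommend**", so pick one style for the list.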