readonly/DNSserver
1
0
Fork 0
mirror of https://github.com/minoplhy/DNSserver.git synced 2024-11-24 10:16:54 +00:00
Code Issues Projects Releases Wiki Activity

Server Structure are useless and somethings useful

Browse Source 
- Server Structure
+ Recommendation Number 3 added
+ Less Crap
+ Recommendation Number 4 added
This commit is contained in:
Minoplhy 2021-01-11 20:15:52 +07:00 committed by GitHub
parent 2aeab8bf55
commit 4be91d5b93
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
README.md
View File

@ -1,32 +1,24 @@
# DOT DOH with haproxy
**[Mozilla ssl-config](https://ssl-config.mozilla.org/)**
**!!! denylist.rpz and allowlist.rpz are made for my _private_ use and will _cause_ problem with _some_ domain !!!**
```
Query
Dns-over-TLS
---------------------> Haproxy(Frontend) -----------------------------> Knot-resolver
Cluster Listen(TCP/443/853) Listen(Local/dns)
---------------------> (HTTP/443) -------> m13253/DOH ------->
Dns-over-HTTPS Listen(Local/http)
```
# Server structure
```
Server(or instances)
|
|----> Frontend-DOH (Haproxy 443 http TLS 1.3 strict-sni hdr/host/ ssl)
| |----> DOH (m13253/dns-over-https local)
| |---------------------------------------------------------------|
|----> Frontend-DOT (Haproxy 443 853 tcp TLS 1.3 strict-sni ssl_fc_sni ssl) v
|--------------------------------------------------------------> Dns Resolver (Knot-resolver dns local)
---------------------> Haproxy(Frontend) ----------------------------->
Cluster Listen(TCP/443/853)
---------------------> (HTTP/443) -------> m13253/DOH -------> Knot-resolver
Dns-over-HTTPS Listen(Local/http)Listen(Local/dns)
DNSCrypt v2
---------------------> jedisct1/Encrypted DNS Server ------------------->
Listen(TCP/UDP/8443)
```
# Recommendation
1. [knot-resolver](https://knot-resolver.cz) **Recommend** using upstream repository on debian
2. Download.sh **Recommend** if you want to download all the default filters used in kresd.conf(knot-resolver configuration)
3. [jedisct1/Encrypted-dns-server](https://github.com/jedisct1/encrypted-dns-server) is recommended if you are looking for an easy way to start a DNSCrypt server
4. [Mozilla ssl-config](https://ssl-config.mozilla.org/) is recommended if you are looking for a sample TLS/SSL configuration for your Server Software
# Mirror / Fork
[notabug.org](https://notabug.org/lottanorta/doh-dot-haproxy)