readonly/DNSserver
1
0
Fork 0
mirror of https://github.com/minoplhy/DNSserver.git synced 2024-11-24 10:16:54 +00:00
Code Issues Projects Releases Wiki Activity
4d2eaa8ff2
DNSserver/README.md
Minoplhy 4d2eaa8ff2
Codeberg isn't active
2022-01-17 17:29:23 +00:00

49 lines
2.9 KiB
Markdown
Raw Blame History

# HaproxyDNS
Use Haproxy or NGINX as *Dns-over-HTTPS* | *DNS-over-TLS* | *DNSCrypt*(not Haproxy) | *Plain DNS* Server
**!!! denylist.rpz and allowlist.rpz are made for my _private_ use and will _cause_ problem with _some_ domain !!!**
> **denylist.rpz and allowlist.rpz now moved to dedicated repository but still cause problem**
```
Query
Dns-over-TLS
---------------------> Haproxy(Frontend) ----------------------------->
Cluster Listen(TCP/443/853)
---------------------> (HTTP/443) -------> m13253/DOH -------> Knot-resolver
Dns-over-HTTPS Listen(global/dns)Listen(Local/dns)
DNSCrypt v2
---------------------> jedisct1/Encrypted DNS Server ------------------->
Listen(TCP/UDP/8443)
```
or NGINX
```
Query
Dns-over-TLS
---------------------> NGINX(Frontend) ----------------------------->
Cluster Listen(TCP/853)
---------------------> (HTTP/443) -------> m13253/DOH -------> Knot-resolver
Dns-over-HTTPS Listen(global/dns)Listen(Local/dns)
DNSCrypt v2
---------------------> jedisct1/Encrypted DNS Server ------------------->
Listen(TCP/UDP/8443)
```
# Recommendation
1. [knot-resolver](https://knot-resolver.cz) **Recommended** using upstream repository on debian
2. download-filters.sh **Recommended** if you want to download all the default filters used in kresd.conf(knot-resolver configuration)
3. [jedisct1/Encrypted-dns-server](https://github.com/jedisct1/encrypted-dns-server) **Recommended** if you are looking for an easy way to start a DNSCrypt server
4. [Mozilla ssl-config](https://ssl-config.mozilla.org/) **Recommended** if you are looking for a sample TLS/SSL configuration for your Server Software
5. [AdGuardHome](https://github.com/adguardteam/adguardhome) or [Pi-hole](https://github.com/pi-hole/pi-hole) **Recommended** in case your blocklist are big {my big is around 10MB ++} and RAM is your limitation .
6. use [AdGuardHome](https://github.com/adguardteam/adguardhome) or [Pi-hole](https://github.com/pi-hole/pi-hole) instead of Knot-Resolver **Recommended** if you already forwarded all requests to Third-Party(e.g. quad9)
7. not open Port 53 to the world **Recommended** if your dns server is only for private use or internal use, cause you'll get chance of getting flood from unknown party
# Mirror / Fork
*Mirror n Fork Repository might not up-to-date with main repository*
[notabug.org](https://notabug.org/lottanorta/HaproxyDNS)
[git.disroot.org](https://git.disroot.org/minoplhy/DNSserver)
Reference in New Issue View Git Blame Copy Permalink