My Personal Configuration for a DNS server using Haproxy or NGINX

DOT DOH with haproxy

Mozilla ssl-config

!!! denylist.rpz and allowlist.rpz are made for my private use and will cause problems with some domains !!!

Query
           Dns-over-TLS
          --------------------->  Haproxy(Frontend)    ----------------------------->  Knot-resolver
   Cluster                         Listen(TCP/443/853)                                 Listen(Local/dns)
          --------------------->            (HTTP/443) -------> m13253/DOH   ------->
           Dns-over-HTTPS                                       Listen(Local/http)

Server structure

    Server(or instances)
    |
    |----> Frontend-DOH (Haproxy 443 http TLS 1.3 strict-sni hdr/host/ ssl)
    |           |----> DOH (m13253/dns-over-https local)
    |                    |---------------------------------------------------------------| 
    |----> Frontend-DOT (Haproxy 443 853 tcp TLS 1.3 strict-sni ssl_fc_sni ssl)          v
                      |--------------------------------------------------------------> Dns Resolver (Knot-resolver dns local)
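
To check both paths through the frontend, the same DNS query can be prepared for each transport. This is an added example, not code from this repository: the function names, the host `dns.example.test` and the `/dns-query` path are assumptions, and `query_dot` needs a reachable DoT server.

```python
import base64
import socket
import ssl
import struct

def build_query(name: str, qtype: int = 1, msg_id: int = 0) -> bytes:
    """DNS wire-format query (RFC 1035): header with RD set, one IN question."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(part)]) + part
        for part in name.rstrip(".").encode("ascii").split(b".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def dot_frame(msg: bytes) -> bytes:
    """DoT (RFC 7858) reuses DNS-over-TCP framing: 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg

def doh_get_url(host: str, msg: bytes, path: str = "/dns-query") -> str:
    """DoH GET (RFC 8484): message is base64url-encoded with padding removed."""
    b64 = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return f"https://{host}{path}?dns={b64}"

def _recv_exact(sock, n: int) -> bytes:
    """Read exactly n bytes or fail if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf

def query_dot(host: str, msg: bytes, port: int = 853, timeout: float = 5.0):
    """Send one query over DoT; the handshake fails below TLS 1.3.
    Returns (negotiated TLS version, DNS response code)."""
    ctx = ssl.create_default_context()          # verifies certificate and name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:  # sends SNI
            tls.sendall(dot_frame(msg))
            (length,) = struct.unpack("!H", _recv_exact(tls, 2))
            reply = _recv_exact(tls, length)
            return tls.version(), reply[3] & 0x0F
```

Calling `query_dot` with a `server_hostname` the frontend does not serve should fail the handshake when strict-sni is in effect.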
                      

Recommendation

  1. knot-resolver: installing from the upstream repository is recommended on Debian.
  2. Download.sh: recommended if you want to download all the default filters used in kresd.conf (the knot-resolver configuration).

Mirror / Fork

notabug.org