DNS/DoT to DoH proxy with load-balancing, fail-over and SSL certificate management

dns-proxy

Configuration

| Variable | Example | Description |
|----------|---------|-------------|
| TLS_DOMAIN | my.duckdns.org | Domain name without wildcards. Used to create the wildcard certificate and to check incoming connections. |
| DNS_PROVIDER | duckdns | One of the supported providers from https://go-acme.github.io/lego/dns/ |
| DUCKDNS_TOKEN | 1fff-111-... | Provider-specific token, see https://go-acme.github.io/lego/dns/ for further information. |
| CERT_DIR | /opt/certs | Directory for generated certificates. Default: ./certs |
| EMAIL | [email protected] | Registration email address for Let's Encrypt. |
| LOG_LEVEL | debug | Level to log. One of trace, debug, info, warn, error, fatal. Default: info |
| PREFERRED_CHAIN | ISRG Root X1 | Preferred certificate chain to use. Default: "ISRG Root X1" |
| UPSTREAM_DOH | http://192.168.178.3:4000/dns-query,https://cloudflare-dns.com/dns-query | Comma-separated list of upstream DoH resolvers. The placeholder `_CLIENTID_` is replaced automatically with the client id (only for TLS connections made to a subdomain of TLS_DOMAIN). |
| UPSTREAM_RETRY_CNT | 2 | Number of retry attempts before the fallback resolver is invoked. Default: 2 |
| UPSTREAM_TIMEOUT | 1s | Timeout for the upstream DoH request. Default: 1s |
| FALLBACK_DOH | https://cloudflare-dns.com/dns-query | Fallback upstream DoH server, used if upstream DoH requests fail. Default: https://cloudflare-dns.com/dns-query |

Example with docker-compose and blocky

dns-proxy as DoT with a Let's Encrypt certificate and the duckdns domain "test.duckdns.org". Two blocky instances (192.168.178.3 and 192.168.178.5) serve as DoH resolvers. Clients can use either "test.duckdns.org" for anonymous access or "XXX.test.duckdns.org" for named access; in the latter case XXX is passed to blocky as the client id for logging and filtering purposes.

```yaml
version: "2.1"
services:
  dns-proxy:
    image: ghcr.io/0xerr0r/dns-proxy
    container_name: dns-proxy
    restart: always
    ports:
      - "853:853"   # DNS over TLS
      - "53:53"     # plain DNS (TCP mapping; add "53:53/udp" as well if UDP clients should be served)
    environment:
      - TZ=Europe/Berlin
      - TLS_DOMAIN=test.duckdns.org
      - DNS_PROVIDER=duckdns
      - DUCKDNS_TOKEN=1df927c4-YOUR_TOKEN_HERE-XXX
      - EMAIL=[email protected]
      - LOG_LEVEL=info
      # both blocky instances receive the client id taken from the subdomain
      - UPSTREAM_DOH=http://192.168.178.3:4000/dns-query/_CLIENTID_,http://192.168.178.5:4000/dns-query/_CLIENTID_
    volumes:
      - certs:/app/certs   # keeps the Let's Encrypt certificate and account across restarts
volumes:
  certs:
```
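
The following Go program is an added example, not code from dns-proxy itself. It shows the mechanics behind the configuration table and the compose example above: how a client id is derived from the TLS server name a DoT client presents (bare domain = anonymous, one extra label = named client, anything else rejected, which is also all the wildcard certificate can cover), how `_CLIENTID_` is substituted into the upstream URLs, and how per-upstream retries, fail-over to the next upstream and the final fallback interact. The names (`Config`, `ClientID`, `ExpandUpstreams`, `Resolver`, `Sender`) are assumptions, the sender is a constructed stand-in so the program runs offline, treating UPSTREAM_RETRY_CNT as attempts per upstream is an assumption, and so is replacing the placeholder with an empty id for anonymous clients.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"strings"
	"sync/atomic"
	"time"
)

type Config struct { // mirrors the environment variables from the configuration table
	TLSDomain   string        // TLS_DOMAIN
	Upstreams   []string      // UPSTREAM_DOH, already split on commas
	RetryCount  int           // UPSTREAM_RETRY_CNT, treated as attempts per upstream (assumption; 0 means fallback only)
	Timeout     time.Duration // UPSTREAM_TIMEOUT, bound for one upstream request
	FallbackDoH string        // FALLBACK_DOH, queried once after every upstream failed
}

// ClientID derives the client id from the TLS server name (SNI) a DoT client presents:
// the bare TLS_DOMAIN is anonymous (empty id), exactly one extra label is the id, and
// anything else is rejected, matching the wildcard certificate (*.domain covers one label).
func ClientID(sni, tlsDomain string) (string, bool) {
	sni = strings.ToLower(strings.TrimSuffix(sni, "."))
	tlsDomain = strings.ToLower(strings.TrimSuffix(tlsDomain, "."))
	if sni == tlsDomain {
		return "", true
	}
	id := strings.TrimSuffix(sni, "."+tlsDomain) // unchanged when the suffix is absent
	if id == sni || id == "" || strings.Contains(id, ".") {
		return "", false
	}
	return id, true
}

// ExpandUpstreams substitutes _CLIENTID_ in every upstream URL (empty id for anonymous clients: assumption).
func ExpandUpstreams(upstreams []string, clientID string) []string {
	out := make([]string, 0, len(upstreams))
	for _, u := range upstreams {
		out = append(out, strings.ReplaceAll(u, "_CLIENTID_", clientID))
	}
	return out
}

// Sender performs one DoH exchange; it is injected so the example runs offline (a real one
// would POST application/dns-message and honour ctx). Resolver round-robins the starting
// upstream, fails over once an upstream used up its attempts, then asks the fallback;
// Resolve returns the answer and the URL that produced it, or every collected failure.
type Sender func(ctx context.Context, url string, query []byte) ([]byte, error)
type Resolver struct {
	next uint64 // round-robin counter (first field so 64-bit atomics stay aligned)
	cfg  Config
	send Sender
}

func (r *Resolver) Resolve(ctx context.Context, clientID string, query []byte) ([]byte, string, error) {
	urls := ExpandUpstreams(r.cfg.Upstreams, clientID)
	var failures []string
	if n := len(urls); n > 0 {
		start := int((atomic.AddUint64(&r.next, 1) - 1) % uint64(n))
		for i := 0; i < n; i++ {
			u := urls[(start+i)%n]
			for a := 1; a <= r.cfg.RetryCount; a++ {
				resp, err := r.once(ctx, u, query)
				if err == nil {
					return resp, u, nil
				}
				failures = append(failures, fmt.Sprintf("%s attempt %d: %v", u, a, err))
			}
		}
	}
	// Every configured upstream failed: ask the fallback, which never receives the client id.
	resp, err := r.once(ctx, r.cfg.FallbackDoH, query)
	if err != nil {
		return nil, "", fmt.Errorf("fallback %s: %v (upstreams: %s)", r.cfg.FallbackDoH, err, strings.Join(failures, "; "))
	}
	return resp, r.cfg.FallbackDoH, nil
}

func (r *Resolver) once(ctx context.Context, url string, query []byte) ([]byte, error) { // one request bounded by UPSTREAM_TIMEOUT
	ctx, cancel := context.WithTimeout(ctx, r.cfg.Timeout)
	defer cancel()
	return r.send(ctx, url, query)
}

func main() {
	cfg := Config{TLSDomain: "test.duckdns.org", RetryCount: 2, Timeout: time.Second,
		Upstreams:   []string{"http://192.168.178.3:4000/dns-query/_CLIENTID_", "http://192.168.178.5:4000/dns-query/_CLIENTID_"},
		FallbackDoH: "https://cloudflare-dns.com/dns-query"}
	// Constructed stand-in sender: the first blocky instance is down, the second answers.
	r := &Resolver{cfg: cfg, send: func(ctx context.Context, url string, q []byte) ([]byte, error) {
		if strings.Contains(url, "192.168.178.3") {
			return nil, errors.New("connection refused")
		}
		return []byte("answer via " + url), nil
	}}
	id, _ := ClientID("alice.test.duckdns.org", cfg.TLSDomain)
	resp, used, err := r.Resolve(context.Background(), id, []byte{0}) // constructed placeholder query
	fmt.Println(string(resp), used, err)
}
```

Two points worth noting from a defender's view: the client id is only trusted because the wildcard certificate and the suffix check together pin it to a single label under TLS_DOMAIN, so a server name from a foreign domain never yields an id; and the fallback resolver is contacted without the id, so named clients lose per-client filtering (but not resolution) while every blocky instance is unreachable, which the joined failure string makes visible in the logs.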

Owner

Dimitri Herzog

Java dev @work, Go dev @home. Topics of interest: Go, Docker, self-hosting