if you need working stuff: https://github.com/facebookarchive/doh-proxy
Modules: `dnspython`, `json`, `urllib`

to install these for user, use:

```sh
$ pip3 install --break-system-packages --user [MODULES...]
```
- `doh-client.py` - DoH client, command-line
- `dns-query.py` - DoH server, CGI (Apache), NOTE: running with no arguments starts this mode!
- ?`dns-query-fcgi.py`? - DoH server, FastCGI, talking through `fcgi.sock`
- ? - DoH server, WSGI/ASGI w/e this is... - [?]
- ? - DoH server, standalone or reverse-proxy, if FCGI/WSGI/ASGI stuff feels slow - [?]
- ? - DoH server in C/C++, if `python3` feels slow - [?] ...wrap every example, so that it can `serve_forever()`
- `dns-query.conf` - Apache CGI `conf.d/` drop-in example
- plain-DNS queries over `:53/udp` are not secure, can't be trusted and leak data
- opt. 0: DNS-over-TLS to `:853/tcp` can be used to trusted nameservers (cuddleflare, oogle)
- opt. 1: setup DoH-proxy on router and block outgoing connections in firewall on your router
- opt. 2: setup encrypted WireGuard tunnel to some VPS/VDS and use its nameserver as the primary one
query is DNS-wire message in modified base64 (base64url, `=` padding stripped), see: dohwg/draft-ietf-doh-dns-over-https#30 (comment)

FIXME: you can get such b64 string like this (strip the padding, then map `+/` to `-_`):

```sh
$ nc -lu 10053 | base64 | sed 's/=*$//' | tr '+/' '-_' </dev/null &
$ dig github.com -p 10053 @127.0.0.1 >/dev/null 2>&1
```

`name=` is (non-RFC) addition for debugging:

```sh
$ ./doh-client.py name=github.com
```

`/dev/stdin` is read to answer POST requests, hence `</dev/null`:

```sh
$ ./dns-query.py dns=AAABAAABAAAAAAAABmdpdGh1YgNjb20AAAEAAQ </dev/null
$ QUERY_STRING=dns=AAABAAABAAAAAAAABmdpdGh1YgNjb20AAAEAAQ ./dns-query.py </dev/null
$ echo dns=AAABAAABAAAAAAAABmdpdGh1YgNjb20AAAEAAQ | ./dns-query.py
```

- WSGI: https://en.wikipedia.org/wiki/Web_Server_Gateway_Interface
- Caddy FastCGI example: https://github.com/tonyallan/python3-experiments/tree/main/caddy-server-fastcgi
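Added example, not part of this gist: a Python 3 script (standard library only, no `dnspython`) that builds the DNS wire query for `github.com`, turns it into the unpadded base64url `dns=` value used in the commands above, and does the reverse with the input checks a `dns-query.py`-style CGI handler should apply before forwarding anything to the upstream resolver. Function names are my own.

```python
import base64
import struct

B64URL = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_")

def build_query(name, qtype=1, qclass=1, txid=0):
    """12-byte header (only RD set) + one question, RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label %r" % label)
        question += bytes([len(raw)]) + raw
    return header + question + b"\x00" + struct.pack("!HH", qtype, qclass)

def encode_dns_param(wire):
    """Client side (RFC 8484 GET): base64url with the '=' padding stripped."""
    return base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")

def decode_dns_param(value):
    """Server side: reject non-base64url input, restore padding, decode."""
    if not value or any(c not in B64URL for c in value):
        raise ValueError("dns= is not unpadded base64url")
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def parse_question(wire):
    """(name, qtype, qclass) of the single question, ValueError on junk."""
    if len(wire) < 17 or struct.unpack("!H", wire[4:6])[0] != 1:
        raise ValueError("need a header and exactly one question")
    pos, labels = 12, []
    while pos < len(wire):
        n = wire[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0 or pos + n > len(wire):   # no compression pointers in a query name
            raise ValueError("bad label length at offset %d" % (pos - 1))
        labels.append(wire[pos:pos + n].decode("ascii"))
        pos += n
    else:
        raise ValueError("name not terminated")
    if pos + 4 > len(wire):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", wire[pos:pos + 4])
    return ".".join(labels), qtype, qclass

if __name__ == "__main__":
    param = encode_dns_param(build_query("github.com"))   # same string as in the commands above
    print("dns=" + param, parse_question(decode_dns_param(param)))
```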
- Public Domain