Add support for type prefix for upstream addresses

Add support for DNS-over-TLS upstream addresses Remove tcp_only configuration option
2026-04-26 10:57:50 +00:00 · 2019-10-16 12:28:31 +02:00
parent cc60be718c
commit a09dfbbbc1
3 changed files with 78 additions and 28 deletions
--- a/doh-server/doh-server.conf
+++ b/doh-server/doh-server.conf
@@ -27,11 +27,16 @@ path = "/dns-query"

 # Upstream DNS resolver
 # If multiple servers are specified, a random one will be chosen each time.
+# You can use "udp", "tcp" or "tcp-tls" for the type prefix.
+# For "udp", UDP will first be used, and switch to TCP when the server asks to
+# or the response is too large.
+# For "tcp", only TCP will be used.
+# For "tcp-tls", DNS-over-TLS (RFC 7858) will be used to secure the upstream connection.
 upstream = [
-    "1.1.1.1:53",
-    "1.0.0.1:53",
-    "8.8.8.8:53",
-    "8.8.4.4:53",
+    "udp:1.1.1.1:53",
+    "udp:1.0.0.1:53",
+    "udp:8.8.8.8:53",
+    "udp:8.8.4.4:53",
 ]

 # Upstream timeout
@@ -40,9 +45,6 @@ timeout = 10
 # Number of tries if upstream DNS fails
 tries = 3

-# Only use TCP for DNS query
-tcp_only = false
-
 # Enable logging
 verbose = false