From e382ff415f8d90e4f1b3e62cf3ce497922a5b60e Mon Sep 17 00:00:00 2001
From: Star Brilliant
Date: Wed, 4 Oct 2017 12:30:41 +0800
Subject: [PATCH] Add Readme

---
 Readme.md | 74 ++++++++++++++++++++++++++++++++++++++
 doh-client/main.go | 2 +-
 doh-server/main.go | 2 +-
 systemd/doh-client.service | 2 +-
 systemd/doh-server.service | 2 +-
 5 files changed, 78 insertions(+), 4 deletions(-)
 create mode 100644 Readme.md

diff --git a/Readme.md b/Readme.md
new file mode 100644
index 0000000..579ce7c
--- /dev/null
+++ b/Readme.md
@@ -0,0 +1,74 @@ +DNS-over-HTTPS +============== + +Client and server software to query DNS over HTTPS protocol + +## Easy start + +Install [Go](https://golang.org), at least version 1.8. + +Type: + + make + +To install DNS-over-HTTPS as Systemd services, type: + + sudo make install + +By default, [Google DNS over HTTPS](https://dns.google.com) is used. It should work +for most users (except for People's Republic of China). If you need to modify the +default settings, type: + + sudo cp /usr/lib/systemd/system/doh-client.service /etc/systemd/system/ + sudoedit /etc/systemd/system/doh-client.service + +To automatically start DNS-over-HTTPS client as a system service, type: + + sudo systemctl start doh-client.service + sudo systemctl enable doh-client.service + +Then, modify your DNS settings (usually with NetworkManager) to 127.0.0.1. + +To test your configuration, type: + + dig www.google.com + +If it is OK, you will wee: + + ;; SERVER: 127.0.0.1#53(127.0.0.1) + +## Server Configuration + +The following is a typical DNS-over-HTTPS architecture: + + +--------------+ +------------------------+ + | Application | | Recursive DNS Server | + +-------+------+ +-----------+------------+ + | | + +-------+------+ +-----------+------------+ + | Client side | | doh-server | + | cache (nscd) | +-----------+------------+ + +-------+------+ | + | +--------------------------+ +-----------+------------+ + +-------+------+ | HTTP cache server / | | HTTP service muxer | + | doh-client +--+ Content Delivery Network +--+ (Apache, Nginx, Caddy) | + +--------------+ +--------------------------+ +------------------------+ + +Although DNS-over-HTTPS can work alone, a HTTP service muxer would be useful as you +can host DNS-over-HTTPS along with other HTTPS services. + +## Protocol compatibility + + [X] IPv4 / IPv6 + [X] EDNS0 large UDP packet + [X] EDNS0 Client Subnet + [ ] DNSSEC + +DNSSEC is planned but not implemented yet. Contributions are welcome. 
+
+## License
+
+DNS-over-HTTPS is licensed under [GNU AFFERO GENERAL PUBLIC LICENSE](LICENSE)
+version 3 or later. That means, if you improved DNS-over-HTTPS or fixed a bug, you
+**must** disclose your modification to the public, so that others may benefit from
+your modification, in the same way you receive benefits from this project.
diff --git a/doh-client/main.go b/doh-client/main.go
index becf33f..2271c1e 100644
--- a/doh-client/main.go
+++ b/doh-client/main.go
@@ -23,7 +23,7 @@ import (
 )
 
 func main() {
-	addr := flag.String("addr", ":53", "DNS listen port")
+	addr := flag.String("addr", "127.0.0.1:53", "DNS listen port")
 	upstream := flag.String("upstream", "https://dns.google.com/resolve", "HTTP path for upstream resolver")
 	flag.Parse()
 
diff --git a/doh-server/main.go b/doh-server/main.go
index aec62f2..1e0f91d 100644
--- a/doh-server/main.go
+++ b/doh-server/main.go
@@ -25,7 +25,7 @@ import (
 )
 
 func main() {
-	addr := flag.String("addr", "[::1]:8053", "HTTP listen port")
+	addr := flag.String("addr", "127.0.0.1:8053", "HTTP listen port")
 	cert := flag.String("cert", "", "TLS certification file")
 	key := flag.String("key", "", "TLS key file")
 	path := flag.String("path", "/resolve", "HTTP path for resolve application")
diff --git a/systemd/doh-client.service b/systemd/doh-client.service
index a11bf4c..1bb4f6a 100644
--- a/systemd/doh-client.service
+++ b/systemd/doh-client.service
@@ -4,7 +4,7 @@ After=network.target
 
 [Service]
 AmbientCapabilities=CAP_NET_BIND_SERVICE
-ExecStart=/usr/local/bin/doh-client -addr :53 -upstream https://dns.google.com/resolve
+ExecStart=/usr/local/bin/doh-client -addr 127.0.0.1:53 -upstream https://dns.google.com/resolve
 LimitNOFILE=1048576
 Restart=always
 RestartSec=3
diff --git a/systemd/doh-server.service b/systemd/doh-server.service
index 4873e15..d0a4f9c 100644
--- a/systemd/doh-server.service
+++ b/systemd/doh-server.service
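Review bot: The description `"DNS listen port"` on the added `addr` line no longer matches what the flag takes — the new default `127.0.0.1:53` is a host:port address, and the switch to loopback is a security decision (the client stops being reachable as an open resolver on every interface) that the help text should state rather than leave implicit. Suggest `addr := flag.String("addr", "127.0.0.1:53", "DNS listen address (host:port); loopback-only by default so the resolver is not exposed to the network")`. Note that `127.0.0.1` is IPv4-only, so a stub resolver configured to use `::1` presumably will not reach the client any more; if that is intended, a word in the help text or Readme would avoid surprises. main continues past the end of the hunk.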
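Review bot: The new default `127.0.0.1:8053` sits next to `-cert` and `-key` flags whose defaults are empty, which suggests the server serves plain HTTP out of the box and relies on a TLS-terminating front end; the flag text says nothing about this, so an operator who moves `-addr` to a public interface without also passing `-cert`/`-key` would expose DNS queries in cleartext. Suggest putting the caveat where it will be read, in the help text: `addr := flag.String("addr", "127.0.0.1:8053", "HTTP listen address (host:port); loopback-only by default and expects a TLS-terminating reverse proxy in front — set -cert/-key before binding a public address")`. Whether the server really falls back to plaintext when cert/key are empty is not visible in this hunk; confirm against the listener setup further down main, which is outside the hunk. While here, `"TLS certification file"` should read `"TLS certificate file"`.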
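Review bot: The unit keeps `AmbientCapabilities=CAP_NET_BIND_SERVICE` (needed for the `:53` bind on the new `ExecStart` line) but no sandboxing directives are visible around it, so a process that parses DNS from arbitrary local clients and talks HTTPS to the upstream runs with everything else its user has. Unless they are set on lines outside the hunk, consider adding `NoNewPrivileges=yes`, `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` and `ProtectSystem=strict` under `[Service]` so the granted capability is also the ceiling. AmbientCapabilities only does anything for a non-root `User=`, which this hunk does not show — worth confirming one is set elsewhere in the unit.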
@@ -4,7 +4,7 @@ After=network.target
 
 [Service]
 AmbientCapabilities=CAP_NET_BIND_SERVICE
-ExecStart=/usr/local/bin/doh-server
+ExecStart=/usr/local/bin/doh-server -addr 127.0.0.1:8053 -upstream 8.8.8.8:53,8.8.4.4:53
 LimitNOFILE=1048576
 Restart=always
 RestartSec=3
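Review bot: The new `ExecStart` binds `127.0.0.1:8053`, an unprivileged port, so the `AmbientCapabilities=CAP_NET_BIND_SERVICE` two lines above now grants a capability the default command never uses; least privilege says drop it, or annotate it: `# CAP_NET_BIND_SERVICE is only required if -addr is moved to a port below 1024`. The same line sends `-upstream 8.8.8.8:53,8.8.4.4:53`, i.e. classic UDP/TCP DNS from the server host to Google — that is the unencrypted leg of the deployment and deserves a unit comment or a sentence in the Readme's architecture section so operators know to point it at a local recursive resolver if that matters to them. With no `-cert`/`-key` passed here, the server presumably speaks plain HTTP on loopback and depends on the reverse proxy from the Readme diagram for TLS; a comment such as `# Plain HTTP on loopback: terminate TLS in the HTTP service muxer in front of this port` would make that dependency explicit.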