mirror of
https://github.com/m13253/dns-over-https.git
synced 2026-03-30 18:35:38 +00:00
2332d9b7c1
* Add local_addr configuration for doh-server This commit adds a `local_addr` string value to `doh-server.conf`, specifying the IP address and port from which outgoing calls to upstream DNS resolvers should originate. This value is set as the `udpClient`'s and `tcpClient`'s `Dialer.LocalAddr` when initializing a `NewServer`. If the value is left empty in `doh-server.conf`, it defaults to the first `listen` address (which in turn defaults to `"127.0.0.1:8053"`). One use case for this would be if `doh-server` is proxying requests to a local DNS resolver (e.g. `unbound` or Pi-hole). Up to version 2.0.0, all DNS queries from `doh-server` are sent from `127.0.0.1` (even if the `listen` address is set to a different loopback IP address), making it hard to distinguish them from all other local DNS queries from the same machine in the query logs. * Revert defaulting of local_addr to listen address This commit reverts to the existing behavior when `conf.LocalAddr == ""`, i.e. letting `dns.Client` instantiate its own `Dialer` with the default local address. * Fixup comment in configuration file * Log errors from Dialer instantiation (e.g. if LocalAddr port is missing) * Fixup other comment in configuration file * Return error and log fatal
49 lines
1.1 KiB
Plaintext
49 lines
1.1 KiB
Plaintext
# HTTP listen port
|
|
listen = [
|
|
"127.0.0.1:8053",
|
|
"[::1]:8053",
|
|
]
|
|
|
|
# Local address and port for upstream DNS
|
|
# If left empty, a local address is automatically chosen.
|
|
local_addr = ""
|
|
|
|
# TLS certification file
|
|
# If left empty, plain-text HTTP will be used.
|
|
# You are recommended to leave empty and to use a server load balancer (e.g.
|
|
# Caddy, Nginx) and set up TLS there, because this program does not do OCSP
|
|
# Stapling, which is necessary for client bootstrapping in a network
|
|
# environment with completely no traditional DNS service.
|
|
cert = ""
|
|
|
|
# TLS private key file
|
|
key = ""
|
|
|
|
# HTTP path for resolve application
|
|
path = "/dns-query"
|
|
|
|
# Upstream DNS resolver
|
|
# If multiple servers are specified, a random one will be chosen each time.
|
|
upstream = [
|
|
"1.1.1.1:53",
|
|
"1.0.0.1:53",
|
|
"8.8.8.8:53",
|
|
"8.8.4.4:53",
|
|
]
|
|
|
|
# Upstream timeout
|
|
timeout = 10
|
|
|
|
# Number of tries if upstream DNS fails
|
|
tries = 3
|
|
|
|
# Only use TCP for DNS query
|
|
tcp_only = false
|
|
|
|
# Enable logging
|
|
verbose = false
|
|
|
|
# Enable log IP from HTTPS-reverse proxy header: X-Forwarded-For or X-Real-IP
|
|
# Note: http uri/useragent log cannot be controlled by this config
|
|
log_guessed_client_ip = false
|