surtur
ae26a316a5
* add instructions on how to use the resolvers
* additionally, configure better caching on CoreDNS
* tweak the main domain used
* reorganise the README a bit
coredns

this repo contains the configuration files for CoreDNS set up as a DNS over TLS (DoT) and DNS over HTTPS (DoH) forwarding resolver that relies on a locally running dnscrypt-proxy instance for any and all query resolution.

the main program is configured to run under an unprivileged user (in coredns.service), which doesn't by default have access to /etc/letsencrypt. TLS certs therefore need to be supplied to coredns in another way - see the copycerts_coredns.{path,service,timer} units.
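
a sketch of a Corefile matching the setup described above, added here as an illustration and not the configuration shipped in this repo. the dnscrypt-proxy address, the certificate paths, the DoT port and the cache sizes are assumptions.

```corefile
# shared settings, imported by both server blocks below
(common) {
    # every query goes to the local dnscrypt-proxy instance
    # (127.0.0.1:5353 is an assumed listen address)
    forward . 127.0.0.1:5353

    # cache answers so repeated lookups do not hit the upstream again;
    # capacities and TTL caps are example values
    cache 3600 {
        success 10000
        denial 5000
        # refresh popular names shortly before they expire
        prefetch 5 10m 10%
        # keep answering from cache for a while if the upstream is down
        serve_stale 1h
    }

    errors
}

# DNS over TLS on the standard DoT port
tls://.:853 {
    # copies of the Let's Encrypt files, readable by the unprivileged
    # coredns user (placeholder paths; the process cannot read
    # /etc/letsencrypt itself)
    tls /etc/coredns/certs/fullchain.pem /etc/coredns/certs/privkey.pem
    import common
}

# DNS over HTTPS, served natively on :4053 under /dns-query
https://.:4053 {
    tls /etc/coredns/certs/fullchain.pem /etc/coredns/certs/privkey.pem
    import common
}
```

the private key copy should be readable only by the coredns user (e.g. mode 0400), since it is the same key material that stays root-only under /etc/letsencrypt.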

how to use this - tl;dr

- DoT: dns.dotya.ml
- DoH: https://dns.dotya.ml/dns-query
- DoH alt port: https://dns.dotya.ml:4053/dns-query

how to use this - the long version

the overarching domain for dns is dns.dotya.ml.

for DoT, simply configure the domain.

for DoH, append /dns-query to the domain, i.e. configure dns.dotya.ml/dns-query (optionally prefixed with https) as the DoH server (in e.g. Firefox).

it is worth noting that the DoH server natively listens on :4053, but is additionally proxied by nginx so that it can be found on a standard HTTPS port and blends in better.

TO DO

- automated deployment (preferably using ansible+drone)

LICENSE
WTFPLv2, see LICENSE for details