CoreDNS configs https://dns.dotya.ml/
surtur ae26a316a5
add DoH support
* add instructions on how to use the resolvers
* additionally, configure better caching on CoreDNS
* tweak the main domain used
* reorganise the README a bit
2023-10-05 14:53:36 +02:00
etc add DoH support 2023-10-05 14:53:36 +02:00
.gitattributes add coredns.slice 2022-10-03 13:44:42 +02:00
LICENSE initial commit 2022-08-26 02:52:21 +02:00
README.md add DoH support 2023-10-05 14:53:36 +02:00

coredns

this repo contains the configuration files for CoreDNS set up as a DNS over TLS (DoT) and DNS over HTTPS (DoH) forwarding resolver that relies on a locally running dnscrypt-proxy instance for any and all query resolution.

the main program is configured to run under an unprivileged user (in coredns.service), which by default has no access to /etc/letsencrypt. TLS certs therefore need to be supplied to coredns some other way - see the copycerts_coredns.{path,service,timer} units.
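
one way such a copy step can be written, as an added example (this is not the repo's copycerts_coredns units; the destination path /etc/coredns/certs and the account name coredns are assumptions). it hands the cert pair to the unprivileged user without opening up /etc/letsencrypt, and reports whether anything changed:

```shell
#!/bin/sh
# Added example: NOT the repo's copycerts_coredns units. The paths and the
# "coredns" account name used below are assumptions.
set -eu

# copy_certs SRC_DIR DST_DIR [OWNER]
# Publishes fullchain.pem and privkey.pem from SRC_DIR into DST_DIR so an
# unprivileged service can read them without any access to /etc/letsencrypt.
# Prints "changed" or "unchanged" so a caller knows whether to reload.
# OWNER may be omitted (files stay with the calling user), e.g. for a dry run.
copy_certs() {
    src=$1; dst=$2; owner=${3:-}
    status=unchanged

    # Never publish half a pair: both files must exist and be non-empty.
    for f in fullchain.pem privkey.pem; do
        [ -s "$src/$f" ] || { echo "missing or empty: $src/$f" >&2; return 1; }
    done

    # Private directory: only its owner can list or open anything inside.
    mkdir -p "$dst"
    chmod 0700 "$dst"
    [ -z "$owner" ] || chown "$owner" "$dst"

    for f in fullchain.pem privkey.pem; do
        # Skip files that are already identical (keeps mtimes stable).
        if cmp -s "$src/$f" "$dst/$f" 2>/dev/null; then continue; fi
        mode=0644
        [ "$f" = privkey.pem ] && mode=0600
        # install(1) follows the live/ symlinks and applies the mode itself;
        # the temp file sits inside the 0700 directory, so it is not exposed.
        install -m "$mode" "$src/$f" "$dst/.$f.new"
        [ -z "$owner" ] || chown "$owner" "$dst/.$f.new"
        # Renaming within one directory is atomic: readers see old or new.
        mv -f "$dst/.$f.new" "$dst/$f"
        status=changed
    done
    echo "$status"
}

# Typical root-side call (assumed paths), e.g. from a oneshot service:
#   copy_certs /etc/letsencrypt/live/dns.dotya.ml /etc/coredns/certs coredns
```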

how to use this - tl;dr

DoT

dns.dotya.ml

DoH

https://dns.dotya.ml/dns-query

DoH alt port

https://dns.dotya.ml:4053/dns-query

how to use this - the long version

the overarching domain for DNS is dns.dotya.ml.

for DoT, simply configure the domain.

for DoH, append /dns-query to the domain, i.e. configure dns.dotya.ml/dns-query (optionally prefixed with https://) as the DoH server (in e.g. Firefox).

it is worth noting that the DoH server natively listens on :4053, but is additionally proxied by nginx so that it can be found on a standard HTTPS port and blends in better.

TO DO

  • automated deployment (preferably using ansible + drone)

LICENSE

WTFPLv2, see LICENSE for details