dns-over-https 0.2.0

A lightweight DNS-over-HTTPS proxy
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

# DNS-over-HTTPS


A lightweight DNS-over-HTTPS ("DOH") proxy written in Rust.

DNS-over-HTTPS is a lightweight proxy that will securely forward any requests to a DNS-over-HTTPS resolver such as [Cloudflare](https://developers.cloudflare.com/1.1.1.1/dns-over-https/).

**Current version:** 0.2.0  
**Supported Rust version:** 1.31

## Install


Download the latest binary for your architecture from the [releases page](https://github.com/ssrlive/dns-over-https/releases).

## Usage


```
Usage: dns-over-https.exe [OPTIONS]

Options:
  -b, --bind <IP:port>       Listen for DNS requests on the addresses and ports [default: 127.0.0.1:53]
  -u, --upstream-urls <URL>  URL(s) of upstream DNS-over-HTTPS service [default: https://1.1.1.1/dns-query]
  -v, --verbosity <level>    Verbosity level [default: info] [possible values: off, error, warn, info, debug, trace]
  -h, --help                 Print help
  -V, --version              Print version
```

### Running on a Pi-Hole


To use DNS-over-HTTPS to encrypt your DNS requests on a Pi-Hole, download and install the latest [release](https://github.com/ssrlive/dns-over-https/releases):

```console
pi@raspberrypi:~ $ wget https://github.com/ssrlive/dns-over-https/releases/download/v0.2.0/dns-over-https-v0.2.0-arm-unknown-linux-gnueabihf.tar.gz
pi@raspberrypi:~ $ tar xzf dns-over-https-v0.2.0-arm-unknown-linux-gnueabihf.tar.gz
pi@raspberrypi:~ $ sudo mv dns-over-https /usr/local/bin/
```

You can confirm dns-over-https is working properly by asking for the current version:

```console
pi@raspberrypi:~ $ dns-over-https --version
dns-over-https 0.2.0
```

You can then configure dns-over-https to run as a Systemd service that listens on port 5053 and forwards requests to [Cloudflare's DNS-over-HTTPS resolvers](https://developers.cloudflare.com/1.1.1.1/dns-over-https/).

First, create a system user for dns-over-https:

```console
pi@raspberrypi:~ $ sudo adduser --system --no-create-home dns-over-https
```

Then write out a Systemd unit file:

```console
pi@raspberrypi:~ $ sudo tee /lib/systemd/system/dns-over-https.service <<EOF
[Unit]
Description=dns-over-https
After=syslog.target network-online.target

[Service]
Type=simple
User=dns-over-https
ExecStart=/usr/local/bin/dns-over-https -b 127.0.0.1:5053 -u https://1.1.1.1/dns-query -u https://1.0.0.1/dns-query
Restart=on-failure
RestartSec=10
KillMode=process

[Install]
WantedBy=multi-user.target
EOF
```

You can now start up dns-over-https and check it is running:

```console
pi@raspberrypi:~ $ sudo systemctl enable dns-over-https
pi@raspberrypi:~ $ sudo systemctl start dns-over-https
pi@raspberrypi:~ $ sudo systemctl status dns-over-https
```

Finally, you can change your Pi-Hole configuration to use `127.0.0.1#5053` as its sole upstream DNS server and confirm your requests are now secure by using [Cloudflare's connection information page](https://1.1.1.1/help).

## References


* https://developers.cloudflare.com/1.1.1.1/dns-over-https/

## License


Copyright © 2024-2024 @ssrlive
Copyright © 2018-2019 Paul Mucur

Distributed under the MIT License.