Minimal DoH -> DNS relay, meant to sit between an HTTP server taking care of the TLS stuff and a plain DNS server.
AeroStun 410936f218
Add deployment section to README
Hint at systemd deployment, and show the snippets
of Nginx site and Caddyfile configuration
that can be used in a production environment.
2026-03-29 03:20:44 +02:00
src Use more specific HTTP error status codes 2026-01-03 18:47:36 +01:00
.gitignore Initial commit 2026-01-02 23:58:39 +01:00
Cargo.lock Initial commit 2026-01-02 23:58:39 +01:00
Cargo.toml Initial commit 2026-01-02 23:58:39 +01:00
doh-relay.service Further harden systemd service unit 2026-03-09 00:22:52 +01:00
LICENSE Initial commit 2026-01-02 23:58:39 +01:00
README.md Add deployment section to README 2026-03-29 03:20:44 +02:00

DoH Relay

Minimal DoH -> DNS relay, meant to sit between an HTTP server taking care of the TLS stuff and a plain DNS server.

Build

This software is written in Rust and builds with Cargo:

$ cargo build --release
target/release/doh-relay

If you run the binary on the same machine you build it on, set RUSTFLAGS="-C target-cpu=native" in your shell environment at build time for best runtime performance.

Test

While there are no automated tests yet, one can simply use dig to check that the relay functions correctly.

$ dig @localhost -p 8053 +http-plain-get  aerostun.dev.
$ dig @localhost -p 8053 +http-plain-post aerostun.dev.
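
The GET and POST request forms defined by RFC 8484, which the two dig invocations above exercise, built by hand as an added example (not code from doh-relay). The function names and the localhost:8053 Host value are assumptions for illustration, the /dns-query path is the one used in the Deploy snippets, and the requests are rendered as HTTP/1.1 text for readability.

```rust
// Added example, not doh-relay code. Helper names are hypothetical; the host is a placeholder.
/// DNS query in wire format (RFC 1035): ID 0 (as RFC 8484 advises), RD set, one question, class IN.
fn dns_query(name: &str, qtype: u16) -> Result<Vec<u8>, String> {
    let mut msg = vec![0, 0, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0];
    for label in name.trim_end_matches('.').split('.') {
        if label.is_empty() || label.len() > 63 {
            return Err(format!("bad label {:?}", label)); // also rejects the bare root name
        }
        msg.push(label.len() as u8);
        msg.extend_from_slice(label.as_bytes());
    }
    msg.push(0); // root label terminates the name
    msg.extend_from_slice(&qtype.to_be_bytes());
    msg.extend_from_slice(&[0, 1]); // QCLASS = IN
    Ok(msg)
}

/// base64url without padding, the encoding required for the `dns` GET parameter.
fn base64url(data: &[u8]) -> String {
    const T: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
    let mut out = String::new();
    for chunk in data.chunks(3) {
        let b = [chunk[0], *chunk.get(1).unwrap_or(&0), *chunk.get(2).unwrap_or(&0)];
        let n = (b[0] as u32) << 16 | (b[1] as u32) << 8 | (b[2] as u32);
        for i in 0..=chunk.len() {
            // 1, 2 or 3 input bytes yield 2, 3 or 4 output characters
            out.push(T[((n >> (18 - 6 * i)) & 0x3f) as usize] as char);
        }
    }
    out
}

/// GET form: the query travels in the URL as `?dns=<base64url>`.
fn get_request(host: &str, query: &[u8]) -> String {
    let b64 = base64url(query);
    format!("GET /dns-query?dns={} HTTP/1.1\r\nHost: {}\r\nAccept: application/dns-message\r\n\r\n", b64, host)
}

/// POST form: the same bytes travel raw in the body as application/dns-message.
fn post_request(host: &str, query: &[u8]) -> Vec<u8> {
    let head = format!("POST /dns-query HTTP/1.1\r\nHost: {}\r\nContent-Type: application/dns-message\r\nContent-Length: {}\r\n\r\n", host, query.len());
    [head.as_bytes(), query].concat()
}

fn main() {
    let q = dns_query("aerostun.dev.", 1).unwrap(); // 1 = A record
    print!("{}", get_request("localhost:8053", &q));
    println!("POST form: {} bytes", post_request("localhost:8053", &q).len());
}
```
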

Deploy

doh-relay can be deployed rather simply as a systemd service using the provided doh-relay.service unit file, and placed behind a reverse-proxy taking care of the SSL shenanigans. Below are example snippets with different HTTP servers.

Caddy

example.tld {
  handle /dns-query {
    reverse_proxy h2c://127.0.0.1:8053
  }
}

Nginx

server {
  location = /dns-query {
    proxy_pass http://127.0.0.1:8053;
    proxy_http_version 1.1; # Can bump to 2 when using Nginx >= 1.29.4
  }
}