Closed by nodje 2 years ago
The DNSCrypt protocol doesn't use TLS, but something specially made for DNS.
If you want to use DoH and/or ODoH, you should be running doh-server instead. This one will work fine with a TLS termination proxy such as Traefik.
What if the reverse proxy doesn't take care of the TLS layer but just forwards a domain dns.example.com to an encrypted-dns-server instance?
What are the protocols it would need to handle? Looking at the docker setup, -p 443:443/udp -p 443:443/tcp would be the ones.
As I'm studying options within your large offer under DNSCrypt, I'll ask questions in other projects as well.
I'd like to set up encrypted-dns-server behind a reverse proxy, Traefik, which would take care of the TLS layer.
As I don't understand the certificate management needed behind encrypted-dns-server, either for DNSCrypt's own protocol or DoH, I'm not sure if that is easily possible and how the DNS stamps would be generated.
Thanks