junkurihara / doh-auth-proxy

Local DNS proxy for DNS over HTTPS (DoH), Oblivious DoH (ODoH) and Multiple-relay-based ODoH extension (Mutualized ODoH; MODoH), which additionally supports domain-based filtering and proxy/resolver authentication
https://junkurihara.github.io/dns
MIT License

[New feature] The bootstrap resolver feature could support DNS-over-TCP and to set the port arbitrarily #48

Closed junkurihara closed 9 months ago

junkurihara commented 10 months ago
The bootstrap resolver feature could support DNS-over-TCP and setting the port arbitrarily. This would be useful in firewalled environments, when UDP or ports other than 80/443 are blocked.

Originally posted by @przemyslaw0 in https://github.com/junkurihara/doh-auth-proxy/issues/43#issuecomment-1885725274

przemyslaw0 commented 10 months ago

OpenDNS has some resolvers that accept connections on port 443 and work well with TCP:

208.67.222.222:443 208.67.220.220:443

Really good for a firewalled environment. My mobile phone provider blocks UDP ports other than 53 (to prevent torrenting); DNSCrypt with anonymized relays doesn't work well here when I use USB tethering, but doh-auth-proxy does.

junkurihara commented 9 months ago

The develop branch now supports a TCP bootstrap DNS resolver with an arbitrary port. To explicitly specify the protocol and port, we need to set the resolver as tcp://1.1.1.1:53 in the toml file. The existing format without protocol and port, e.g., 1.1.1.1, still works as an alias of udp://1.1.1.1:53.

I will ship this in the next patch release (not a breaking change due to the alias).
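The entry format described in the comment above, sketched as an added example that is not part of the thread or the project's own code: a parser that normalizes a bootstrap resolver entry to a transport and socket address, treating a bare IP as UDP on port 53. The names `Proto` and `parse_bootstrap`, the acceptance of a scheme without a port, and the rejection rules are assumptions made for illustration.

```rust
use std::net::{IpAddr, SocketAddr};

/// Transport used to reach the bootstrap resolver.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Proto {
    Udp,
    Tcp,
}

/// Port assumed when an entry carries none.
const DEFAULT_PORT: u16 = 53;

/// Hypothetical helper (not the project's parser). Accepts `1.1.1.1`,
/// `1.1.1.1:53`, `udp://1.1.1.1:53` and `tcp://208.67.222.222:443`.
pub fn parse_bootstrap(entry: &str) -> Result<(Proto, SocketAddr), String> {
    let entry = entry.trim();
    // No scheme means UDP, matching the alias described in the thread.
    let (proto, rest) = match entry.split_once("://") {
        Some(("udp", rest)) => (Proto::Udp, rest),
        Some(("tcp", rest)) => (Proto::Tcp, rest),
        Some((other, _)) => return Err(format!("unsupported scheme: {}", other)),
        None => (Proto::Udp, entry),
    };
    // Only IP literals are accepted: the bootstrap resolver is what resolves
    // names, so it cannot itself be given as a name.
    if let Ok(addr) = rest.parse::<SocketAddr>() {
        if addr.port() == 0 {
            return Err("port 0 is not a usable resolver port".to_string());
        }
        return Ok((proto, addr));
    }
    // Bare IP without a port falls back to the default DNS port.
    rest.parse::<IpAddr>()
        .map(|ip| (proto, SocketAddr::new(ip, DEFAULT_PORT)))
        .map_err(|_| format!("not an IP or IP:port: {}", rest))
}

fn main() {
    // Constructed sample entries, including ones that must be rejected.
    for e in ["1.1.1.1", "tcp://208.67.222.222:443", "https://1.1.1.1", "dns.example:53"] {
        println!("{:<28} -> {:?}", e, parse_bootstrap(e));
    }
}
```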

przemyslaw0 commented 9 months ago

@junkurihara

Thanks a lot, I will test later.