lancachenet / lancache-dns

DNS Docker service for a lancache.
https://hub.docker.com/r/lancachenet/lancache-dns/
MIT License

[Feature Request] Add DNS over HTTPS support #90

Closed tuzzmaniandevil closed 5 years ago

tuzzmaniandevil commented 5 years ago

I found a very handy guide to configure dnsmasq to use DNS over HTTPS.

https://bendews.com/posts/implement-dns-over-https/

It would be great if this could somehow be integrated into the project :-)

astrolox commented 5 years ago

Is this needed? What are the benefits? What problems would be solved?

tuzzmaniandevil commented 5 years ago

It adds a privacy layer. Normally I would set up DNS over HTTPS on the router so all devices on the LAN side use it by default. But because the router now points to the lancache server and that makes the external DNS requests, that privacy layer disappears.

astrolox commented 5 years ago

Personally I would advise the following;

This way you can control how you want DNS lookups outside your network to be performed.

astrolox commented 5 years ago

Ok, you got me curious so I did a little more research. DNS over HTTPS is indeed interesting, although not perfect.

In relation to the solution you linked to and other solutions I found, an additional daemon needs to be run to act as a DNS over HTTPS proxy. Usually, but not always, cloudflared is used.

I think it would be inappropriate to include this additional software in the lancache-dns image, on the basis that each Docker image should have a single responsibility, in an ideal world. We aren't trying to make the world's best DNS server image, we're just trying to provide an easy way to MITM DNS for the purposes of redirecting traffic to the cache.

Honestly if it were possible to provide caching without this I would prefer that solution (yes, that is something we've been looking into and have been experimenting with).

So as such I'm going to close this feature request. However I want to thank you for your contribution - please continue to be a part of the community.

For anyone who wishes to incorporate DNS over HTTPS into their lancache setup please note the advice I gave above in relation to the UPSTREAM_DNS feature we have included in this image. Additionally please note that you can run a separate container with the DNS proxy in it, and use that as your upstream (think microservices!).
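
The separate-container layout described in the thread, as an added example that is not part of the original discussion or the lancache project's own configuration. It assumes a cloudflared release that provides the `proxy-dns` subcommand; the service names, the subnet, both container addresses and the `LANCACHE_IP` value are constructed for illustration.

```yaml
# docker-compose.yml (added example; all addresses below are constructed)
services:
  # DNS-over-HTTPS proxy: accepts plain DNS from lancache-dns only and
  # forwards it over HTTPS. No ports are published, so LAN clients cannot
  # reach it directly and bypass the cache redirection.
  doh-proxy:
    image: cloudflare/cloudflared:latest
    # IP-literal upstream URL avoids needing plain DNS to bootstrap the proxy.
    command: proxy-dns --address 0.0.0.0 --port 53 --upstream https://1.1.1.1/dns-query
    networks:
      dnsnet:
        ipv4_address: 172.28.0.2
    restart: unless-stopped

  # lancache-dns answers for the cached CDN hostnames itself and sends every
  # other lookup to UPSTREAM_DNS, which here is the DoH proxy container.
  lancache-dns:
    image: lancachenet/lancache-dns:latest
    environment:
      UPSTREAM_DNS: 172.28.0.2
      USE_GENERIC_CACHE: "true"
      LANCACHE_IP: 192.0.2.10        # placeholder: address of the cache host
    ports:
      - "53:53/udp"
      - "53:53/tcp"
    depends_on:
      - doh-proxy
    networks:
      dnsnet:
        ipv4_address: 172.28.0.3
    restart: unless-stopped

networks:
  # Fixed subnet so the proxy has a stable address to use in UPSTREAM_DNS.
  dnsnet:
    ipam:
      config:
        - subnet: 172.28.0.0/24
```

To confirm that lookups for non-cached names no longer leave the host as plain DNS, capture traffic on the host's external interface and check that outbound port 53 stays quiet while clients resolve names through lancache-dns.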