tuzzmaniandevil closed 5 years ago
Is this needed? What are the benefits? What problems would be solved?
It adds a privacy layer. Normally I would set up DNS over HTTPS on the router so all devices on the LAN side use it by default. But because the router now points to the lancache server and that makes the external DNS requests, that privacy layer disappears.
Personally I would advise the following;
UPSTREAM_DNS feature of lancache-dns to specify that lancache should use your router as its upstream DNS server. This way you can control how you want DNS lookups outside your network to be performed.
Ok, you got me curious so I did a little more research. DNS over HTTPS is indeed interesting, although not perfect.
In relation to the solution you linked to and other solutions I found, an additional daemon needs to be run to act as a DNS over HTTPS proxy. Usually, but not always, cloudflared is used.
I think it would be inappropriate to include this additional software in the lancache-dns image, on the basis that each Docker image should have a single responsibility, in an ideal world. We aren't trying to make the world's best DNS server image, we're just trying to provide an easy way to MITM DNS for the purposes of redirecting traffic to the cache.
Honestly if it were possible to provide caching without this I would prefer that solution (yes, that is something we've been looking into and have been experimenting with).
So as such I'm going to close this feature request. However I want to thank you for your contribution - please continue to be a part of the community.
For anyone who wishes to incorporate DNS over HTTPS into their lancache setup please note the advice I gave above in relation to the UPSTREAM_DNS feature we have included in this image. Additionally please note that you can run a separate container with the DNS proxy in it, and use that as your upstream (think microservices!).
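One way to wire up the separate-container approach suggested above, as an added example that is not part of this thread or the lancache project's own configuration. It assumes Docker Compose, the cloudflare/cloudflared image with its proxy-dns subcommand, and constructed values for the service names, the 172.28.0.0/24 subnet and the cache address 192.0.2.10.

```yaml
# Added example: lancache-dns forwards non-cache lookups to a DoH proxy
# running in its own container. All addresses and names are constructed.
services:
  doh-proxy:
    image: cloudflare/cloudflared:latest
    # Accepts plain DNS on the internal network and forwards it over HTTPS.
    # The upstream is given by IP so the proxy needs no bootstrap resolver.
    command: proxy-dns --address 0.0.0.0 --port 53 --upstream https://1.1.1.1/dns-query
    restart: unless-stopped
    networks:
      dnsnet:
        ipv4_address: 172.28.0.2   # fixed, so UPSTREAM_DNS can point at it
    # No "ports:" section: the proxy is reachable only from dnsnet,
    # not from the LAN.

  lancache-dns:
    image: lancachenet/lancache-dns:latest
    environment:
      USE_GENERIC_CACHE: "true"
      LANCACHE_IP: 192.0.2.10      # placeholder for the cache server address
      # A public resolver IP here would send every non-cache lookup
      # off the network in plaintext on port 53. Pointing at the proxy
      # keeps the plaintext hop inside the Docker network.
      UPSTREAM_DNS: 172.28.0.2
    ports:
      - "53:53/udp"
      - "53:53/tcp"
    depends_on:
      - doh-proxy
    restart: unless-stopped
    networks:
      - dnsnet

networks:
  dnsnet:
    ipam:
      config:
        - subnet: 172.28.0.0/24
```

Capturing on the host's external interface while a client resolves a non-cached name should show HTTPS traffic to the DoH endpoint and no outbound port 53 queries; the hop from LAN clients to lancache-dns remains plain DNS.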
I found a very handy guide to configure dnsmasq to use DNS over HTTPS.
https://bendews.com/posts/implement-dns-over-https/
It would be great if this could somehow be integrated into the project :-)