DoH support

[Tomatoide]

Hi so nowadays most dns providers have Dns over https support, was wondering if it's possible to have a bancuh doh version. thx

[ragibkl]

Yeah, that would be good to have! I don't know how to do this yet. If you happen across any docs or guides online, do paste the links here.

[ragibkl]

Found some notes:

• https://www.aaflalo.me/2018/10/tutorial-setup-dns-over-https-server/
• https://dnsdist.org/
• https://www.linuxbabe.com/ubuntu/dns-over-https-doh-resolver-ubuntu-dnsdist

I think this is worth doing. I'll try spend some time on this.

[ragibkl]

Hi @Tomatoide ,

I created a test DNS server for this. Also pull request is here if you are interested.

Could you please test the server?

DNS:

• domain: dns1.test.ragibkl.cloudns.org
• ipv4: 163.172.160.117
• ipv6: 2001:bc8:628:843::1

DoT:

• domain: dns1.test.ragibkl.cloudns.org

DoH:

• url: https://dns1.test.ragibkl.cloudns.org/dns-query

Drawbacks:

• logs viewer not working, since requests are handled by dnsdist instead of bind directly. We can maybe enhance logs-viewer to work with dnsdist in future.
• http null server not working since port 80 is used by the certbot. I wasn't using this anyway.
• rate limit won't work so well, need to turn off and enable dnsdist to handle this.

[Tomatoide]

Great! I will test the doh and report any findings, thank you once again

[ragibkl]

@Tomatoide ,

If you have time, you can test the DoT as well. On Android phones, there is setting for Private DNS, which if you input the server domain, it will use it with DoT protocol.

Thanks!

[Tomatoide]

So far so good 👍 looking forward for the final version and addressing drawbacks

[ragibkl]

@Tomatoide , can you try to view the logs? http://dns1.test.ragibkl.cloudns.org:8080/

[Tomatoide]

@ragibkl Nice it works 👍

[ragibkl]

@Tomatoide , this is applied to the server in france. Could you test it?

DNS Do53: domain: fr-dns1.bancuh.com ipv4: 51.158.99.7 ipv6: 2001:bc8:600:705::1

DoT: domain: fr-dns1.bancuh.com

DoH: url: https://fr-dns1.bancuh.com/

[ragibkl]

@Tomatoide , I'm activating both fr-dns1 and fr-dns2 as well. See: https://blog.bancuh.com/adblock-dns/adblock-dns-quickstart/

Do test them and let me know any issues.

[Tomatoide]

Awesome! thanks for your amazing work @ragibkl initial testing is promising and all well 👍

[ragibkl]

Hi @Tomatoide ,

It's been a few days. I haven't used the DoH much, but I've been using the DoT on my Android and everything seems fine. It's nice to see the adblock works on the phone, even when I'm outside my home WiFi.

I think, let's call this feature as completed. I'll close this issue now. Since this is a supported feature now, if anything is not working as intended, we should treat them as bugs, so you can just file them as new issues separately.

BTW, if you are still using the test server here: https://github.com/ragibkl/adblock-dns-server/issues/117#issuecomment-1046174769, please change to the production servers listed in here: https://blog.bancuh.com/adblock-dns/adblock-dns-quickstart/ instead. I will turn it off in 2 days.

Have a good day!