DOH Proxy

A DNS-over-HTTPS Proxy

In these examples, we will assume that we have the following setup:

This document focuses on the doh-proxy tools' arguments and where they should be run. The specifics of configuring a DNS recursive resolver or a reverse proxy are outside the scope of this document and are already extensively covered on the Internet.

Simple setup

Running the proxy

On the server, we run the doh-proxy as root:

$ sudo doh-proxy \
    --certfile /etc/certs/dns.example.com/fullchain.pem \
    --keyfile /etc/certs/dns.example.com/privkey.pem \
    --upstream-resolver ::1

Running the client stub

On the client:

$ sudo doh-stub \
    --domain dns.example.com \
    --remote-address fdbe:7d77:b04f:a2ca::1 \
    --listen-address ::1

You can test it by running a dig on the client:

$ dig @::1 example.com

To start using it, update /etc/resolv.conf and change nameserver to be:

nameserver ::1
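
After this change, any other nameserver line left in resolv.conf is a resolver the system can still query directly, outside the stub. The check below is an added example, not part of the doh-proxy project; the function name check_resolv_conf and its exit codes are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit a resolv.conf after pointing it at the doh-stub.
# Usage: check_resolv_conf /etc/resolv.conf
# Return status (hypothetical convention for this example):
#   0 = only the stub address is listed
#   1 = another nameserver is also listed (queries can bypass the stub)
#   2 = the stub address is not listed at all
STUB_ADDR="::1"   # matches --listen-address in the doh-stub command above

check_resolv_conf() {
    file="$1"
    found_stub=0
    others=""
    # Read "nameserver <addr>" lines; comments and other directives are
    # skipped. The "|| [ -n ... ]" keeps a final line with no newline.
    while read -r keyword addr _rest || [ -n "$keyword" ]; do
        [ "$keyword" = "nameserver" ] || continue
        if [ "$addr" = "$STUB_ADDR" ]; then
            found_stub=1
        else
            others="$others $addr"
        fi
    done < "$file"

    if [ "$found_stub" -eq 0 ]; then
        echo "FAIL: $STUB_ADDR is not listed in $file"
        return 2
    fi
    if [ -n "$others" ]; then
        echo "WARN: nameservers that bypass the stub:$others"
        return 1
    fi
    echo "OK: $file resolves only through $STUB_ADDR"
    return 0
}
```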