DNS Proxy as DoH Server with NGINX #188
Comments
Could it be that misconfiguration is on the nginx side? Have you tried using curl and requesting the plain HTTP URL first? Also, why listening on 443 for plain HTTP?
Hi, I have tried using curl as you suggest, but I get this :
Then, if I stop the dns proxy and start another doh server (the one I want to replace with dnsproxy m12353 that is actually working now:
I attached the nginx configs. Thanks for your help. Ivan Marino.
Note that dnsproxy wouldn't run a DoH server without TLSConfig: Line 438 in 499a996
Probably, we'll need a separate command-line option to allow that.
Oh I see now, we need to actually pass the certs to do it. I'll look at that. Thx
Well, in this case you probably won't need nginx to do TLS termination for you. Your config only makes sense if dnsproxy listens to plain HTTP.
Yes, I see your point, but since I'll validate client-side certificates later, I prefer to have nginx validate them. BTW, I've changed the code for client certs; I'll try to run the tests when I have some time.
dnsproxy:
nginx:
Short answer: load certs & key on both.
Thanks for your help @rampageX, it worked perfectly!!
Well, what I meant is that currently it's double work (you do TLS encryption on both nginx and dnsproxy). Ideally, we should expose an option to work as a plain HTTP server, and there's a technical possibility; it is just not exposed via the command-line API.
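The double-TLS arrangement discussed above (nginx validates client certificates, then re-encrypts to a dnsproxy backend that holds its own cert and key), as an added example that is not part of the thread or the project's documentation. The hostname, file paths, backend port 8443, the `/dns-query` path and the upstream address are assumptions.

```nginx
# Added example. Assumed backend invocation (paths, port and upstream are
# placeholders; 192.0.2.53 stands in for the real upstream resolver):
#   dnsproxy -l 127.0.0.1 --https-port=8443 \
#            --tls-crt=/etc/dnsproxy/backend.crt \
#            --tls-key=/etc/dnsproxy/backend.key \
#            -u 192.0.2.53
# Binding the backend to loopback keeps the DoH listener reachable only
# through nginx, so the client-certificate check cannot be bypassed.

server {
    listen 443 ssl;
    server_name doh.example.com;              # assumed hostname

    # Public-facing certificate (Let's Encrypt in the original post).
    ssl_certificate     /etc/letsencrypt/live/doh.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/doh.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Client-certificate validation happens here, at the edge.
    ssl_client_certificate /etc/nginx/doh-clients-ca.pem;   # assumed CA bundle
    ssl_verify_client      on;
    ssl_verify_depth       2;

    location = /dns-query {
        # DoH uses GET and POST only (RFC 8484); reject everything else.
        limit_except GET POST { deny all; }

        # Second TLS hop: dnsproxy serves DoH only when given a TLS config,
        # so the upstream scheme is https, not http.
        proxy_pass         https://127.0.0.1:8443;
        proxy_http_version 1.1;
        proxy_set_header   Host $host;

        # Verify the backend instead of trusting any certificate on the port.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/dnsproxy/backend.crt;
        proxy_ssl_name                dnsproxy.internal;    # must match backend cert
    }

    # Nothing else is served from this virtual host.
    location / { return 404; }
}
```

With this layout the backend certificate can be self-signed and pinned through `proxy_ssl_trusted_certificate`, since only nginx ever connects to it.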
Really need this feature |
Hi,
I'm trying to configure a DNS server using dnsproxy as a forwarder for the DNS queries. The configuration I have is the following:
Client: dnsproxy as a DoH client
Server: dnsproxy as a forwarder: the idea is that it takes the DNS query from the HTTP request and then replies with the corresponding DNS response by using the desired upstream. For the certificate validation I use NGINX with Let's Encrypt certs.
I have the following configuration:
Client:
Server:
Then, if I run tshark I can actually see the DNS query arriving:
But there is no successful DNS resolution.
I attached both the server-side and client-side traces:
client.txt
server.txt
Maybe I'm misunderstanding something?
Thanks for your help !