DNS over HTTPS
This is an example of an EdgeEngine worker that responds to
DNS over HTTPS (DoH) requests. It delegates all requests to the Google DNS
over HTTPS server, except for
.stackpath names, for which it uses another site's IPs.
This is the accompanying code for the blog post Serverless DNS over HTTPS (DoH) at the Edge.
- Latest Go
- Latest LTS Node.js
- Latest mkcert on the PATH (and
mkcert -install run at some point)
- Latest Firefox (also expects root CA cert created by
mkcert imported in Firefox for whatever profile you're testing with)
npm run genlocalcert
Then in one terminal:
npm run dev
And in another:
npm run httpsworker
Now a DNS over HTTPS worker is started on port 3001 (the HTTP side is on port 3000) listening for updates. To test, set the following
Firefox Trusted Recursive Resolver (TRR) values in
(do in separate profile if preferred):
2 which makes Firefox try this DNS server before system fallback
https://localhost:3001/dns-query to set the DNS over HTTPS URL
Now go to
about:networking and do a
DNS Lookup for
mywebsite.stackpath. You should see local IPs.
Deploy on EdgeEngine
src/index.ts to given CDN domain (e.g.
a1b2c3d4.stackpathcdn.com) and set
npm run build
dist/index.js and upload an EdgeEngine script in the StackPath portal. Also in
the portal, add
Delivery Domain for
mywebsite.stackpath. Then set the Firefox
network.trr.uri setting to the CDN
name and it should work.
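
The routing decision described at the top of this README (answer .stackpath names locally, forward everything else upstream) depends on reading the question name out of an untrusted DNS message. The following is an added example, not the code in src/index.ts: parseQuestion, isLocal and buildQuery are hypothetical names, and the label-boundary suffix match is an assumption about how such a check should behave.

```typescript
// Added example, not the project's code. Wire layout per RFC 1035 section 4.1.
const LOCAL_SUFFIX = ".stackpath"; // suffix named in this README

interface Question { qname: string; qtype: number; }

// Parse the single question of an untrusted DNS query (the body of a DoH POST,
// or the decoded ?dns= parameter of a DoH GET).
function parseQuestion(msg: Uint8Array): Question {
  if (msg.length < 12) throw new Error("short header");
  if (((msg[4] << 8) | msg[5]) !== 1) throw new Error("expected one question");
  const labels: string[] = [];
  let off = 12;
  let total = 0;
  for (;;) {
    if (off >= msg.length) throw new Error("truncated name");
    const len = msg[off++];
    if (len === 0) break;
    // Lengths above 63 are compression pointers or reserved: reject in a query.
    if (len > 63) throw new Error("invalid label length");
    total += len + 1;
    if (total > 254 || off + len > msg.length) throw new Error("bad name length");
    let label = "";
    for (let i = 0; i < len; i++) label += String.fromCharCode(msg[off + i]);
    // A dot inside one label would be ambiguous once labels are joined.
    if (label.indexOf(".") !== -1) throw new Error("dot inside label");
    labels.push(label.toLowerCase()); // DNS names compare case-insensitively
    off += len;
  }
  if (off + 4 > msg.length) throw new Error("truncated question");
  return { qname: labels.join("."), qtype: (msg[off] << 8) | msg[off + 1] };
}

// True when the name is under the local suffix, matched on a label boundary so
// "notstackpath" or "stackpath.example.com" are still forwarded upstream.
function isLocal(q: Question): boolean {
  return ("." + q.qname).slice(-LOCAL_SUFFIX.length) === LOCAL_SUFFIX;
}

// Constructed sample input: a minimal query (RD set, QDCOUNT=1, class IN).
function buildQuery(name: string, qtype: number = 1): Uint8Array {
  const bytes: number[] = [0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0];
  const parts = name.split(".");
  for (let p = 0; p < parts.length; p++) {
    bytes.push(parts[p].length);
    for (let i = 0; i < parts[p].length; i++) bytes.push(parts[p].charCodeAt(i));
  }
  bytes.push(0, (qtype >> 8) & 0xff, qtype & 0xff, 0, 1);
  return new Uint8Array(bytes);
}
```

A worker would call parseQuestion on the request body, answer from its local records when isLocal returns true, and otherwise pass the original bytes to the upstream resolver unchanged.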