{"id":17225548,"url":"https://github.com/v-byte-cpu/coredns-https","last_synced_at":"2025-04-14T00:53:53.479Z","repository":{"id":57778445,"uuid":"527176219","full_name":"v-byte-cpu/coredns-https","owner":"v-byte-cpu","description":"A CoreDNS plugin that performs DNS-over-HTTPS proxying","archived":false,"fork":false,"pushed_at":"2022-08-23T00:21:38.000Z","size":42,"stargazers_count":28,"open_issues_count":4,"forks_count":6,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-27T14:55:26.536Z","etag":null,"topics":["coredns","dns","doh","forward","proxy"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/v-byte-cpu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-08-21T10:42:45.000Z","updated_at":"2025-03-05T05:18:28.000Z","dependencies_parsed_at":"2022-08-27T12:52:11.502Z","dependency_job_id":null,"html_url":"https://github.com/v-byte-cpu/coredns-https","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/v-byte-cpu%2Fcoredns-https","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/v-byte-cpu%2Fcoredns-https/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/v-byte-cpu%2Fcoredns-https/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/v-byte-cpu%2Fcoredns-https/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/v-byte-cpu","download_url":"https://codeload.github.com/v-byte-cpu/coredns-https/tar.gz/refs/heads/ma
in","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248804784,"owners_count":21164131,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["coredns","dns","doh","forward","proxy"],"created_at":"2024-10-15T04:13:52.678Z","updated_at":"2025-04-14T00:53:53.457Z","avatar_url":"https://github.com/v-byte-cpu.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# https\n\n[![Build Status](https://cloud.drone.io/api/badges/v-byte-cpu/coredns-https/status.svg)](https://cloud.drone.io/v-byte-cpu/coredns-https)\n[![GoReportCard Status](https://goreportcard.com/badge/github.com/v-byte-cpu/coredns-https)](https://goreportcard.com/report/github.com/v-byte-cpu/coredns-https)\n[![GitHub release](https://img.shields.io/github/v/release/v-byte-cpu/coredns-https)](https://github.com/v-byte-cpu/coredns-https/releases/latest)\n\n**https** is a [CoreDNS](https://github.com/coredns/coredns) plugin that proxies DNS messages to upstream resolvers using DNS-over-HTTPS protocol. See [RFC 8484](https://tools.ietf.org/html/rfc8484).\n\n## Installation\n\nExternal CoreDNS plugins can be enabled in one of two ways:\n  1. [Build with compile-time configuration file](https://coredns.io/2017/07/25/compile-time-enabling-or-disabling-plugins/#build-with-compile-time-configuration-file)\n  2. 
[Build with external golang source code](https://coredns.io/2017/07/25/compile-time-enabling-or-disabling-plugins/#build-with-external-golang-source-code)\n\nMethod #1 can be quickly described using a sequence of the following commands:\n\n```\ngit clone --depth 1 https://github.com/coredns/coredns.git\ncd coredns\ngo get github.com/v-byte-cpu/coredns-https\necho \"https:github.com/v-byte-cpu/coredns-https\" \u003e\u003e plugin.cfg\ngo generate\ngo mod tidy -compat=1.17\ngo build\n```\n\n## Syntax\n\nIn its most basic form:\n\n~~~\nhttps FROM TO...\n~~~\n\n* **FROM** is the base domain to match for the request to be proxied.\n* **TO...** are the destination endpoints to proxy to. The number of upstreams is\n  limited to 15.\n\nMultiple upstreams are randomized (see `policy`) on first use. When a proxy returns an error\nthe next upstream in the list is tried.\n\nExtra knobs are available with an expanded syntax:\n\n~~~\nhttps FROM TO... {\n    except IGNORED_NAMES...\n    tls CERT KEY CA\n    tls_servername NAME\n    policy random|round_robin|sequential\n}\n~~~\n\n* **FROM** and **TO...** as above.\n* **IGNORED_NAMES** in `except` is a space-separated list of domains to exclude from proxying.\n  Requests that match none of these names will be passed through.\n* `tls` **CERT** **KEY** **CA** define the TLS properties for TLS connection. 
From 0 to 3 arguments can be\n  provided with the meaning as described below:\n\n  * `tls` - no client authentication is used, and the system CAs are used to verify the server certificate (by default)\n  * `tls` **CA** - no client authentication is used, and the file CA is used to verify the server certificate\n  * `tls` **CERT** **KEY** - client authentication is used with the specified cert/key pair.\n    The server certificate is verified with the system CAs\n  * `tls` **CERT** **KEY** **CA** - client authentication is used with the specified cert/key pair.\n    The server certificate is verified using the specified CA file\n\n* `policy` specifies the policy to use for selecting upstream servers. The default is `random`.\n\n\n## Metrics\n\nIf monitoring is enabled (via the *prometheus* plugin) then the following metrics are exported:\n\n* `coredns_https_request_duration_seconds{to}` - duration per upstream interaction.\n* `coredns_https_requests_total{to}` - query count per upstream.\n* `coredns_https_responses_total{to, rcode}` - count of RCODEs per upstream.\n  and we are randomly (this always uses the `random` policy) spraying to an upstream.\n\n## Examples\n\nProxy all requests within `example.org.` to a DoH nameserver:\n\n~~~ corefile\nexample.org {\n    https . cloudflare-dns.com/dns-query\n}\n~~~\n\nForward everything except requests to `example.org`:\n\n~~~ corefile\n. {\n    https . dns.quad9.net/dns-query {\n        except example.org\n    }\n}\n~~~\n\nLoad balance all requests between multiple upstreams:\n\n~~~ corefile\n. {\n    https . dns.quad9.net/dns-query cloudflare-dns.com:443/dns-query dns.google/dns-query\n}\n~~~\n\nInternal DoH server:\n\n~~~ corefile\n. {\n    https . 
10.0.0.10:853/dns-query {\n      tls ca.crt\n      tls_servername internal.domain\n    }\n}\n~~~","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fv-byte-cpu%2Fcoredns-https","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fv-byte-cpu%2Fcoredns-https","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fv-byte-cpu%2Fcoredns-https/lists"}