https://github.com/dns-inspector/dnsproxy

Proxy server for DNS over HTTP and TLS
https://github.com/dns-inspector/dnsproxy

dns dns-over-https dns-over-tls

Last synced: about 1 month ago
JSON representation

Proxy server for DNS over HTTP and TLS

• Host: GitHub
• URL: https://github.com/dns-inspector/dnsproxy
• Owner: dns-inspector
• License: gpl-3.0
• Created: 2024-08-28T01:09:13.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2026-01-17T04:27:08.000Z (5 months ago)
• Last Synced: 2026-01-17T17:17:52.496Z (4 months ago)
• Topics: dns, dns-over-https, dns-over-tls
• Language: Go
• Homepage: https://dns-inspector.com/dns.html
• Size: 116 KB
• Stars: 4
• Watchers: 1
• Forks: 2
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml
  • License: COPYING
  • Security: .github/SECURITY.md

Awesome Lists containing this project

README

          
# dnsproxy

dnsproxy is a server that proxies DNS over TLS, DNS over HTTPS, and DNS over Quic requests to a

standard DNS server.

## Usage

dnsproxy is intended to directly face the internet and should be able to bind to the correct ports

(443, 853). dnsproxy requires a TLS certificate and private key. DNS over TLS and DNS over Quic

requires a TLS certificate with an IP Address subject alternate name.

```

Usage dnsproxy  [options]

Modes:

config     Print out the default configuration to stdout and exit

server     Start the dnsproxy server

test       Validate the dnsproxy configuration. Print any errors to stderr. Exits with 0 if valid.

Options:

-c --config       Specify the path to the config file. Only used in server and test mode.

Signals:

USR1       Rotate the log file by appending yesterdays date to the file name and start a new file

USR2       Reload the configuration without restarting the process

```

### Configuration

dnsproxy is configured using a configuration file. To generate a default configuration file, run

`dnsproxy config`.

### Control Hosts

dnsproxy offers a small number of "control" hosts which do not proxy to the DNS server but instead

return specific data. The zone of these records is specified by the `control_zone` property in the

dnsproxy configuration file.

|RR Type|Name|Reply Description|

|-|-|-|

|TXT|`ip.`|Returns your connecting IP address as seen by the dnsproxy server.|

|TXT|`uuid.`|Returns a random v4 UUID.|

|TXT|`time.`|Returns the current UTC time in RFC3339 format.|

|TXT|`version.`|Returns the current version of dnsproxy.|

### Monitoring

dnsproxy can act as a Zabbix agent. When the `zabbix_server` configuration property is set, it will

send the following metrics every minute:

|Item Key|Description|

|-|-|

|`server.state`|Will always be `1` so long as dnsproxy is running.|

|`panic.recover`|The number of panics that have been recovered from within the last minute.|

|`query.doh.forward`|The number of DNS over HTTPS queries that have been forwarded.|

|`query.dot.forward`|The number of DNS over TLS queries that have been forwarded.|

|`query.doq.forward`|The number of DNS over Quic queries that have been forwarded.|

|`query.doh.error`|The number of DNS over HTTPS queries that failed.|

|`query.dot.error`|The number of DNS over TLS queries that failed.|

|`query.doq.error`|The number of DNS over Quic queries that failed.|

## License

dnsproxy is free and open source software governed by the terms of the GNU General Public License

v3.