An implementation of RFC 8484 - DNS Queries over HTTPS (DoH). Host your own DoH web service using ASP.NET 7 Runtime that can transform any DNS server to be accessible via the DoH standard protocol.
- Requires .NET 7 installed. Install Hosting Bundle for running on Microsoft IIS web server.
- Windows, Linux and macOS supported.
- Cross-Platform: doh-aspnetcore.zip
- Windows:
  - Download the `doh-aspnetcore.zip` zip file.
  - Edit the `appsettings.json` file in notepad to set the DNS server of your choice.
  - Install the DoH app on Windows IIS web server by creating a new website and extracting the `doh-aspnetcore.zip` zip file into the wwwroot folder of the website.
  - Configure an SSL certificate on IIS for the website so that the service works over HTTPS.

  Note: You can also run `DNS-over-HTTPS.exe` directly to start the DoH console app with its built-in web server for quick testing.
- Linux:
  - Download and extract the `doh-aspnetcore.zip` zip file to `/var/aspnetcore/doh`:

    ```
    sudo mkdir -p /var/aspnetcore/doh
    cd /var/aspnetcore/doh
    sudo wget https://download.technitium.com/doh/doh-aspnetcore.zip
    sudo unzip doh-aspnetcore.zip
    ```

  - Edit the `appsettings.json` file in nano to set the DNS server of your choice:

    ```
    sudo nano appsettings.json
    ```

  - Install the DoH app as a systemd daemon:

    ```
    sudo cp systemd.service /etc/systemd/system/doh.service
    sudo systemctl enable doh
    sudo systemctl start doh
    ```

  - Make sure that the DoH daemon is running without issues by running:

    ```
    journalctl --unit doh --follow
    ```

  - Configure a reverse proxy using a web server like nginx that does the SSL termination for the DoH service. Install the nginx web server using:

    ```
    sudo apt-get -y install nginx
    ```

    Create a config file for your domain name at `/etc/nginx/sites-enabled/doh.example.com` with the config shown below. Save the certificate and key files to the paths given in the config.

    ```
    server {
        listen 443 ssl;
        server_name doh.example.com;

        ssl_certificate /etc/nginx/ssl/doh-server.crt;
        ssl_certificate_key /etc/nginx/ssl/doh-server.key;

        location / {
            proxy_pass http://127.0.0.1:8053;
        }
    }
    ```

    Reload the nginx web server to finish the configuration:

    ```
    sudo service nginx reload
    ```

  Note: You can also run the `dotnet DNS-over-HTTPS.dll` command to directly run the DoH console app for quick testing.

The DoH service is available on the `/dns-query` location on the web site that you are running. If you are running it directly as a console app then your DoH end point URL will be `http://localhost:5000/dns-query`. For Linux systemd daemon, the DoH end point will be `http://localhost:8053/dns-query` as per the argument provided in the `systemd.service` file.
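
To confirm that the `/dns-query` end point really speaks RFC 8484 (and that a reverse proxy in front of it is not returning an error page), the following added example builds a DoH GET request and validates the reply. It is not part of the Technitium project; the function names are hypothetical, the URL is the systemd end point mentioned above, and the sample response is constructed rather than captured.

```python
import base64
import struct
import urllib.request

DOH_URL = "http://localhost:8053/dns-query"  # systemd end point named on this page

def build_query(name, qtype=1):
    """Wire-format query for name (qtype 1 = A), with ID 0 as RFC 8484 advises."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def get_url(base, query):
    """RFC 8484 GET form: unpadded base64url in the 'dns' parameter."""
    return base + "?dns=" + base64.urlsafe_b64encode(query).rstrip(b"=").decode()

def check_response(query, content_type, body):
    """Return (rcode, answer_count); raise ValueError if body is not a reply to query."""
    if content_type.split(";")[0].strip().lower() != "application/dns-message":
        raise ValueError("unexpected content type: " + content_type)
    if len(body) < len(query):
        raise ValueError("response shorter than the query it should echo")
    _id, flags, qdcount, ancount = struct.unpack("!HHHH", body[:8])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a DNS response")
    if qdcount != 1 or body[12:len(query)] != query[12:]:
        raise ValueError("question section does not match the query")
    return flags & 0x000F, ancount

def sample_response(query):
    """Constructed reply (not captured traffic): one A record, 192.0.2.1, TTL 300."""
    header = struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    answer = bytes.fromhex("c00c" "0001" "0001" "0000012c" "0004" "c0000201")
    return header + query[12:] + answer

def resolve(name, url=DOH_URL):
    """Send a live GET to the DoH service and validate what comes back."""
    query = build_query(name)
    req = urllib.request.Request(get_url(url, query),
                                 headers={"Accept": "application/dns-message"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return check_response(query, resp.headers.get("Content-Type", ""), resp.read())

if __name__ == "__main__":
    q = build_query("www.example.com")
    print(get_url(DOH_URL, q))
    print(check_response(q, "application/dns-message", sample_response(q)))
```

Call `resolve("example.com")` against the local end point, or pass the public `https://` URL of the reverse proxy as `url` to test the full path.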
Configuring DNS-over-TLS and DNS-over-HTTPS with any DNS Server
For support, send an email to support@technitium.com. For any issues, feedback, or feature requests, create an issue on GitHub.
Contribute to Technitium by becoming a Patron and help make new software, updates, and features possible.