A lightweight DNS-over-HTTPS ("DOH") proxy written in Rust.
DNS-over-HTTPS is a lightweight proxy that will securely forward any requests to a DNS-over-HTTPS resolver such as Cloudflare.
Current version: 0.2.0
Supported Rust version: 1.31
Download the latest binary for your architecture from the releases page.
Usage: dns-over-https [OPTIONS]
Options:
-b, --bind <IP:port> Listen for DNS requests on the addresses and ports [default: 127.0.0.1:53]
-u, --upstream-urls <URL> URL(s) of upstream DNS-over-HTTPS service [default: https://1.1.1.1/dns-query]
-v, --verbosity <level> Verbosity level [default: info] [possible values: off, error, warn, info, debug, trace]
--service Windows only: Run as a service
-h, --help Print help
-V, --version Print version
To use DNS-over-HTTPS to encrypt your DNS requests on Windows, download and install the latest release.
Or you can install it using cargo, assuming you have Rust installed:
cargo install dns-over-httpsThe binary will be installed in C:\Users\<username>\.cargo\bin\dns-over-https.exe.
Open a powershell terminal with administrative privileges and input command New-Service to create a new service,
- Name:
dns-over-https - BinaryPathName:
C:\Users\<username>\.cargo\bin\dns-over-https.exe -b 127.0.0.1:53 -b [::1]:53 --service
Start the service: Input command services from start menu, open Services window, start the service dns-over-https.
Modify the DNS server address in the network adapter settings to 127.0.0.1(IPv4) and ::1(IPv6).
Done.
To use DNS-over-HTTPS to encrypt your DNS requests on a Pi-Hole, download and install the latest release:
pi@raspberrypi:~ $ wget https://github.com/ssrlive/dns-over-https/releases/latest/download/dns-over-https-arm-unknown-linux-gnueabihf.zip
pi@raspberrypi:~ $ unzip dns-over-https-arm-unknown-linux-gnueabihf.zip
pi@raspberrypi:~ $ sudo mv dns-over-https /usr/local/bin/You can confirm dns-over-https is working properly by asking for the current version:
pi@raspberrypi:~ $ dns-over-https --version
dns-over-https 0.2.0You can then configure dns-over-https to run as a Systemd service that listens on port 5053 and forwards requests to Cloudflare's DNS-over-HTTPS resolvers.
First, create a system user for dns-over-https:
pi@raspberrypi:~ $ sudo adduser --system --no-create-home dns-over-httpsThen write out a Systemd unit file:
pi@raspberrypi:~ $ sudo tee /lib/systemd/system/dns-over-https.service <<EOF
[Unit]
Description=dns-over-https
After=syslog.target network-online.target
[Service]
Type=simple
User=dns-over-https
ExecStart=/usr/local/bin/dns-over-https -b 127.0.0.1:5053 -u https://1.1.1.1/dns-query -u https://1.0.0.1/dns-query
Restart=on-failure
RestartSec=10
KillMode=process
[Install]
WantedBy=multi-user.target
EOFYou can now start up dns-over-https and check it is running:
pi@raspberrypi:~ $ sudo systemctl enable dns-over-https
pi@raspberrypi:~ $ sudo systemctl start dns-over-https
pi@raspberrypi:~ $ sudo systemctl status dns-over-httpsFinally, you can change your Pi-Hole configuration to use 127.0.0.1#5053 as its sole upstream DNS server and confirm your requests are now secure by using Cloudflare's connection information page.
Copyright © 2024-2024 @ssrlive Copyright © 2018-2019 Paul Mucur
Distributed under the MIT License.
