Home

Awesome

dnoxy

A DNS-over-HTTPS client proxy and server with Cloudflare compatible interfaces, dnoxy (pronounced "d-NOX-y") is a collection of services for running a DNS-over-HTTPS server, and a local network DNS proxy for those servers.

Note: This is proof of concept code, and should not be relied upon for production use. If you're interested in communicating with existing DNS-over-HTTPS servers—such as those run by Cloudflare or Google—you should look at secure-operator.

Right now, dnoxy has two components:

A simplified deployment would be:

           dns req                | http req |                 dns req
+--------+         +-----------+  |          |  +------------+         +------------+
| client | ------> | dnoxy-dns | -------------> | dnoxy-http | ------> | dns server |
+--------+         +-----------+  |          |  +------------+         +------------+
        Local Network             | Internet |             Remote Network

Of course, that's no better than current DNS since it's unencrypted, and no caching would be performed; but these services are meant to be no more than building blocks. You would pair dnoxy-dns with a caching DNS server like dnsmasq, and dnoxy-http with an HTTPS terminator proxy like nginx.

Building

Dockerfiles are included for the DNS and HTTP components; to build:

# dns component
docker build -t dnoxy-dns:latest -f Dockerfile-dns
# http component
docker build -t dnoxy-http:latest -f Dockerfile-http

Dependencies are managed with Go 1.11+ modules; to install without Docker:

go mod download
go install -v ./...

License

   Copyright 2019 Nathan Wittstock

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0