- demo on dnsmasq + sniproxy
remark: netflix.com
is picked as an example. but it is incomplete for bypass geo-restriction
- start docker containers
docker-compose up -d
- test dnqmasq overriding
➜ docker-dnsmasq-sniproxy host netflix.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
netflix.com has address 127.0.0.1
- test sniproxy tunneling/forwarding (without TLS termination)
➜ docker-dnsmasq-sniproxy curl -v --resolve netflix.com:443:127.0.0.1 https://netflix.com
* Added netflix.com:443:127.0.0.1 to DNS cache
* Hostname netflix.com was found in DNS cache
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to netflix.com (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
- set up per-domain resolver overriding on macOS
sudo mkdir /etc/resolver
cat 'nameserver 127.0.0.1' > /etc/resolver/netflix.com
- test sniproxy tunneling/forwarding (after per-domain resolver overriding on macOS)
➜ docker-dnsmasq-sniproxy curl -v https://netflix.com
* Hostname netflix.com was found in DNS cache
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to netflix.com (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1