Use HAProxy or NGINX as a DNS-over-HTTPS | DNS-over-TLS | DNSCrypt (not HAProxy) | Plain DNS Server
!!! denylist.rpz and allowlist.rpz are made for my private use and will cause problems with some domains !!!
denylist.rpz and allowlist.rpz have now moved to a dedicated repository but still cause problems
Query
Dns-over-TLS
---------------------> Haproxy(Frontend) ----------------------------->
Cluster Listen(TCP/443/853)
---------------------> (HTTP/443) -------> m13253/DOH -------> Knot-resolver
Dns-over-HTTPS Listen(global/dns) Listen(Local/dns)
DNSCrypt v2
---------------------> jedisct1/Encrypted DNS Server ------------------->
Listen(TCP/UDP/8443)
or NGINX
Query
Dns-over-TLS
---------------------> NGINX(Frontend) ----------------------------->
Cluster Listen(TCP/853)
---------------------> (HTTP/443) -------> m13253/DOH -------> Knot-resolver
Dns-over-HTTPS Listen(global/dns) Listen(Local/dns)
DNSCrypt v2
---------------------> jedisct1/Encrypted DNS Server ------------------->
Listen(TCP/UDP/8443)
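Why the DNS-over-HTTPS path in the diagrams needs a DoH server in front of the resolver while the DNS-over-TLS path does not, shown as an added example (not code from this repository): the same DNS query is framed with a 2-byte length prefix on the DoT path, which is ordinary DNS-over-TCP once TLS is removed, but arrives base64url-encoded inside an HTTP request on the DoH path. The `/dns-query` path and the queried names are assumptions used for illustration.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1, msg_id: int = 0) -> bytes:
    """Wire-format DNS query (RFC 1035): header + one question, RD set."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label
        for label in name.rstrip(".").encode("ascii").split(b".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def frame_dot(msg: bytes) -> bytes:
    """DoT path: DNS-over-TCP framing (2-byte length prefix) inside TLS."""
    return struct.pack("!H", len(msg)) + msg

def unframe_dot(stream: bytes) -> list[bytes]:
    """Split a decrypted TCP byte stream back into DNS messages."""
    msgs, off = [], 0
    while off + 2 <= len(stream):
        (n,) = struct.unpack_from("!H", stream, off)
        if off + 2 + n > len(stream):
            raise ValueError("truncated DNS message in stream")
        msgs.append(stream[off + 2 : off + 2 + n])
        off += 2 + n
    if off != len(stream):
        raise ValueError("trailing bytes in stream")
    return msgs

def doh_get_target(msg: bytes, path: str = "/dns-query") -> str:
    """DoH path (RFC 8484 GET): base64url without padding in ?dns=."""
    b64 = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return f"{path}?dns={b64}"  # path is an assumed default, not from the page

def doh_get_decode(target: str) -> bytes:
    """What a DoH server does before forwarding the query to the resolver."""
    b64 = target.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))

if __name__ == "__main__":
    q = build_query("example.com")  # constructed sample query
    print(frame_dot(q).hex())
    print(doh_get_target(q))
```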
- knot-resolver: recommended to use the upstream repository on Debian
- download-filters.sh: recommended if you want to download all the default filters used in kresd.conf (the knot-resolver configuration)
- jedisct1/Encrypted-dns-server: recommended if you are looking for an easy way to start a DNSCrypt server
- Mozilla ssl-config: recommended if you are looking for a sample TLS/SSL configuration for your server software
- AdGuardHome or Pi-hole: recommended if your blocklists are big (my "big" is around 10MB ++) and RAM is your limitation
- Use AdGuardHome or Pi-hole instead of Knot-Resolver: recommended if you already forward all requests to a third party (e.g. quad9)
- Do not open port 53 to the world: recommended if your DNS server is only for private or internal use, because otherwise there is a chance of being flooded by unknown parties
Mirror and fork repositories might not be up to date with the main repository