Skip to content

dns-inspector/dnsproxy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

78 Commits
.github
.github
 
 
cmd
cmd
 
 
monitoring
monitoring
 
 
package
package
 
 
.gitignore
.gitignore
 
 
10-udpbuf.conf
10-udpbuf.conf
 
 
COPYING
COPYING
 
 
README.md
README.md
 
 
config.go
config.go
 
 
config_test.go
config_test.go
 
 
control_zone.go
control_zone.go
 
 
dns_length.go
dns_length.go
 
 
dnsproxy.conf
dnsproxy.conf
 
 
dnsproxy.go
dnsproxy.go
 
 
dnsproxy.version
dnsproxy.version
 
 
dnsproxy_test.conf
dnsproxy_test.conf
 
 
dnsproxy_test.go
dnsproxy_test.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
http.go
http.go
 
 
http_test.go
http_test.go
 
 
https.go
https.go
 
 
https_test.go
https_test.go
 
 
log.go
log.go
 
 
quic.go
quic.go
 
 
release.sh
release.sh
 
 
requestlog.go
requestlog.go
 
 
run.sh
run.sh
 
 
tls.go
tls.go
 
 
tls_test.go
tls_test.go
 
 

Repository files navigation

dnsproxy

dnsproxy is a server that proxies DNS over TLS, DNS over HTTPS, and DNS over Quic requests to a standard DNS server.

Usage

dnsproxy is intended to directly face the internet and should be able to bind to the correct ports (443, 853). dnsproxy requires a TLS certificate and private key. DNS over TLS and DNS over Quic requires a TLS certificate with an IP Address subject alternate name.

Usage dnsproxy <mode> [options]

Modes:
config     Print out the default configuration to stdout and exit
server     Start the dnsproxy server
test       Validate the dnsproxy configuration. Print any errors to stderr. Exits with 0 if valid.

Options:
-c --config <value>      Specify the path to the config file. Only used in server and test mode.

Signals:
USR1       Rotate the log file by appending yesterdays date to the file name and start a new file
USR2       Reload the configuration without restarting the process

Configuration

dnsproxy is configured using a configuration file. To generate a default configuration file, run dnsproxy config.

Control Hosts

dnsproxy offers a small number of "control" hosts which do not proxy to the DNS server but instead return specific data. The zone of these records is specified by the control_zone property in the dnsproxy configuration file.

RR Type Name Reply Description
TXT ip.<control_zone> Returns your connecting IP address as seen by the dnsproxy server.
TXT uuid.<control_zone> Returns a random v4 UUID.
TXT time.<control_zone> Returns the current UTC time in RFC3339 format.
TXT version.<control_zone> Returns the current version of dnsproxy.

Monitoring

dnsproxy can act as a Zabbix agent. When the zabbix_server configuration property is set, it will send the following metrics every minute:

Item Key Description
server.state Will always be 1 so long as dnsproxy is running.
panic.recover The number of panics that have been recovered from within the last minute.
query.doh.forward The number of DNS over HTTPS queries that have been forwarded.
query.dot.forward The number of DNS over TLS queries that have been forwarded.
query.doq.forward The number of DNS over Quic queries that have been forwarded.
query.doh.error The number of DNS over HTTPS queries that failed.
query.dot.error The number of DNS over TLS queries that failed.
query.doq.error The number of DNS over Quic queries that failed.

License

dnsproxy is free and open source software governed by the terms of the GNU General Public License v3.

About

Proxy server for DNS over HTTP and TLS

dns-inspector.com/dns.html

Topics

dns dns-over-https dns-over-tls

Resources

Readme

License

GPL-3.0 license

Security policy

Security policy
Activity
Custom properties

Stars

4 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases 11

1.2.1 Latest
Sep 14, 2025
+ 10 releases

Contributors 2

  •  
  •  

Languages