A DNS proxy which supports DNS over TLS
This is a DNS stub resolver that reads a name from its input and resolves it by forwarding the query to Cloudflare's DNS over TLS resolver.
Note: This is not 100% complete yet, but will be done soonish.
As of now, it has only been tested with nc. It is also written just for testing purposes, so it cannot be used with real-world applications yet.
On a Linux machine, build the static binary by running make build
and then run the binary ./dot-resolver
You can test it with the command below.
echo "example.com" | nc localhost 53
Ideally, in a Kubernetes environment, this should run as a sidecar which takes the DNS name and resolves it using DNS over TLS, and the application container should be configured to use localhost as its DNS resolver.
This can also work on the host by running as a DaemonSet.
- This doesn't handle the certificates properly yet.
- Handle the DNS queries properly and also listen on UDP.
- Return all addresses returned by the upstream DNS resolver.
- Use caching to improve performance.
- Handle SRV requests as well.
- Use multiple upstream resolvers (like Google DNS etc.)
- Make the listen port and address configurable.
- Improve performance by using a long-lived TCP connection to the upstream.
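
The sketch below is an added example, not this project's code, covering three items from the list above: certificate handling, proper DNS query handling, and returning all addresses. It assumes the upstream is Cloudflare's resolver at 1.1.1.1 port 853 with certificate name cloudflare-dns.com; all function names are hypothetical.

```python
import socket
import ssl
import struct

UPSTREAM = ("1.1.1.1", 853)           # assumed Cloudflare DoT address and port
UPSTREAM_NAME = "cloudflare-dns.com"  # assumed name in the resolver's certificate

def build_query(name, qid=0x1234):
    """Wire-format query for the A record of `name`, recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").encode("idna").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def frame(msg):
    return struct.pack("!H", len(msg)) + msg  # DoT reuses DNS-over-TCP length prefix

def skip_name(msg, off):
    """Offset just past the name at `off` (labels or a compression pointer)."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # pointer is always two bytes and ends the name
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n

def parse_a_records(msg):
    """Every IPv4 address in the answer section, not only the first."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def resolve(name):
    ctx = ssl.create_default_context()  # validates chain and hostname
    raw = socket.create_connection(UPSTREAM, timeout=5)
    with ctx.wrap_socket(raw, server_hostname=UPSTREAM_NAME) as tls:
        tls.sendall(frame(build_query(name)))
        reply = tls.makefile("rb")
        (length,) = struct.unpack("!H", reply.read(2))
        return parse_a_records(reply.read(length))
```

Only resolve() needs network access; the query builder and answer parser can be exercised offline against captured or constructed messages.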