mirror of
https://github.com/DNSCrypt/doh-server.git
synced 2025-04-03 21:17:36 +03:00
up
This commit is contained in:
Frank Denis
parent
5c369fc610
commit
fd1081e0b0
2 changed files with 9 additions and 4 deletions
11
README.md
11
README.md
|
|
@ -1,6 +1,6 @@
|
|||
# doh-proxy
|
||||
|
||||
A fast and secure DoH (DNS-over-HTTPS) server.
|
||||
A fast and secure DoH (DNS-over-HTTPS) and ODoH (Oblivious DoH) server.
|
||||
|
||||
`doh-proxy` is written in Rust, and has been battle-tested in production since February 2018. It doesn't do DNS resolution on its own, but can sit in front of any DNS resolver in order to augment it with DoH support.
|
||||
|
||||
|
|
@ -29,12 +29,11 @@ cargo install doh-proxy --no-default-features
|
|||
## Usage
|
||||
|
||||
```text
|
||||
A DNS-over-HTTPS (DoH) proxy
|
||||
|
||||
USAGE:
|
||||
doh-proxy [FLAGS] [OPTIONS]
|
||||
|
||||
FLAGS:
|
||||
-O, --allow-odoh-post Allow POST queries over ODoH even with they have been disabed for DoH
|
||||
-K, --disable-keepalive Disable keepalive
|
||||
-P, --disable-post Disable POST queries
|
||||
-h, --help Prints help information
|
||||
|
|
@ -109,6 +108,12 @@ It also provides DNS caching, server-side filtering, metrics, and TCP connection
|
|||
|
||||
Unless the front-end is a CDN, an ideal setup is to use `doh-proxy` behind `Encrypted DNS Server`.
|
||||
|
||||
## Oblivious DoH (ODoH)
|
||||
|
||||
Oblivious DoH is similar to Anonymized DNSCrypt, but for DoH. It requires relays, but also upstream DoH servers that support the protocol.
|
||||
|
||||
This proxy supports ODoH termination (not relaying) out of the box.
|
||||
|
||||
## Operational recommendations
|
||||
|
||||
* DoH can be easily detected and blocked using SNI inspection. As a mitigation, DoH endpoints should preferably share the same virtual host as existing, popular websites, rather than being on dedicated virtual hosts.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue