Giters

cnmade / rust-doh-proxy

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

rust-doh-proxy

Simple and super useful DNS over HTTPS proxy server. Mostly an exercise to learn more async/await in Rust, but stable enough that I'm using this as the only DNS server on my home network.

What's new

  • update to tokio 1.20 [ the latest]
  • update request to 0.11 [almost the latest]

Introduction

In short this app listens on normal/legacy DNS UDP and TCP sockets on the local network. It proxies to an upstream DNS over HTTPS server and caches the results. Also supports simple forward and reverse host/IP mappings to allow authorative lookups on a local domain.

Tech Stack:

  • tokio Asnyc I/O runtime for rust. Using this directly to do async file I/O, TCP and UDP sockets, timers, and timeouts.
  • trust-dns-proto a nice library for marshalling and umarshalling binary DNS messages to Rust DTOs. Ignoring the warning that this library should not be used directly. :)
  • RFC8484 DNS over HTTPS protocol for upstream requests.
  • reqwest HTTP client. This does HTTP2, is based on hyper (which is based on tokio), and supports async/await.
  • lru LRU cache.

How do I run this?

After building with cargo, you can run the app as follows. Since this is using env_logger need to set RUST_LOG variable to get log output:

export RUST_LOG=debug; cargo run ./config/config.json
# 下面适用于你已经编译好了可执行文件
RUST_LOG=debug ./target/debug/rust-doh-proxy ./config/config.json

If all is well you will see these logs that the app is listening on 127.0.0.1:10053.

[INFO  rust_doh_proxy::doh::udpserver] listening on udp 127.0.0.1:10053
[INFO  rust_doh_proxy::doh::tcpserver] listening on tcp 127.0.0.1:10053

Then you can use dig for example to make a DNS query to the app:

dig -p 10053 @127.0.0.1 google.com

Normally DNS uses a privileged port 53. In this example this app is using unprivileged port 10053 to run as a normal user. The listen address and port are configurable in the configuration json file.

To use this app as a DNS server that serves requests on port 53, I use nftables on linux with a redirect rule to redirect incoming requests on port 53 to port 10053.

Configuration

See config directory for examples.

Systemd

See systemd directory for an example user unit file.

Cross compile

Using cross to compile for x86_64 Linux on MacOS:

cross build --target x86_64-unknown-linux-gnu --release

About

License:GNU Affero General Public License v3.0

Languages

Language:Rust 100.0%