Go to file
2019-04-11 00:09:42 -04:00
http-doh-listener Add http-doh-listener implementing DoH listener with spring boot 2019-03-14 01:21:17 -04:00
jDnsProxy Resolver implements AutoCloseable 2019-04-11 00:09:42 -04:00
xmpp-dox Re-factor and document Resolver 2019-03-14 02:04:25 -04:00
.gitignore Re-factor into a multi-module maven project 2019-03-12 22:15:04 -04:00
.travis-settings.xml Add .travis.yml 2018-03-23 00:49:22 -04:00
.travis.yml Update pom and travis build 2019-03-12 22:38:18 -04:00
jdnsproxy.properties Implement persistant caching to disk on an interval 2018-03-10 01:10:25 -05:00
LICENSE.txt Switch license to MIT 2018-03-22 22:28:34 -04:00
pom.xml Add http-doh-listener implementing DoH listener with spring boot 2019-03-14 01:21:17 -04:00
readme.md Add xmpp-dox module, support xmpp:// listeners/resolvers 2019-03-13 00:49:50 -04:00

jDnsProxy

Simple fast and lightweight DNS proxy and cache that listens on TCP or UDP ports and relays the request to various upstream DNS-over-TCP, DNS-over-TLS, or DNS-over-HTTPS servers, optionally over http or socks proxies (like tor), and optionally pinning public keys for complete TLS security. Implements a simple response cache respecting TTLs but also implementing proper Serve-Stale functionality.

This should support any current and future DNS record generically, as well as providing full DNSSEC support if upstream resolvers do.

Sample/default configuration is in jdnsproxy.properties and should be documented clearly there.

Build/run like so:

mvn clean package
java -jar jDnsProxy/target/jDnsProxy.jar ./jdnsproxy.properties

# or with xmpp:// listener+resolver support:
java -cp jDnsProxy/target/jDnsProxy.jar:xmpp-dox/target/xmpp-dox.jar com.moparisthebest.dns.DnsProxy xmpp-dox/jdnsproxy.xmpp.resolver.properties

Implemented specs:

Use these for quick testing:

dig -p5353 @127.0.0.1 debian.org +tries=1 +retry=0 +tcp
dig -p5353 @127.0.0.1 debian.org +tries=1 +retry=0 +tcp +dnssec

dig -p5353 @127.0.0.1 debian.org +tries=1 +retry=0
dig -p5353 @127.0.0.1 debian.org +tries=1 +retry=0 +dnssec

And use this to extract TLS public keys in pinning format:

openssl s_client -connect 'dns.google.com:443' 2>&1 < /dev/null | sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey | openssl asn1parse -noout -inform pem -out /dev/stdout | openssl dgst -sha256 -binary | openssl base64

License

MIT License, refer to LICENSE.txt