author | Alberto Bertogli
<albertito@blitiri.com.ar> 2018-07-17 00:36:51 UTC |
committer | Alberto Bertogli
<albertito@blitiri.com.ar> 2018-07-17 00:44:19 UTC |
parent | 38f7ea627939c89bf8bd1614746815d79be99dee |
README.md | +20 | -38 |
diff --git a/README.md b/README.md index 5115537..12382a9 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,23 @@ # dnss -dnss is a tool for encapsulating DNS over HTTPS. +dnss is a daemon for using DNS over HTTPS. +It can act as a "DNS to HTTPS" proxy (the most common use case), and as a "DNS +over HTTPS" server in case you want end to end control. -## Quick start -If you're using Debian or Ubuntu, `apt install dnss` will install a dnss -instance already configured in DNS-over-HTTPS mode and using -https://dns.google.com as a server. +## Install +### Debian/Ubuntu -To do the same manually: +`$ apt install dnss` + +That installs a dnss instance already configured in proxy mode and ready to +go, using Google's public resolvers (and easily changed via configuration). + + +### Manual install ``` # If you have Go installed but no environment prepared, do: 
@@ -30,38 +36,14 @@ sudo cp $GOPATH/src/blitiri.com.ar/go/dnss/etc/systemd/dns-to-https/* \ sudo systemctl dnss enable ``` +## Supported protocols -## DNS to HTTPS proxy - -dnss can act as a DNS-to-HTTPS proxy, using https://dns.google.com as a -server, or anything implementing the same API, which is documented at -https://developers.google.com/speed/public-dns/docs/dns-over-https (note it's -in beta and subject to changes). - -``` -+--------+ +----------------+ +----------------+ -| | | dnss | | | -| client +-------> (dns-to-https) +--------> dns.google.com | -| | DNS | | | | -+--------+ UDP +----------------+ HTTP +----------------+ - SSL - TCP -``` - - -## HTTPS to DNS proxy - -dnss can also act as an HTTPS-to-DNS proxy, implementing the HTTP-based API -documented at -https://developers.google.com/speed/public-dns/docs/dns-over-https (note it's -in beta and subject to changes). - -You can use this instead of https://dns.google.com if you want more control -over the servers and the final DNS server used (for example if you are in an -isolated environment, such as a test lab or a private network). - - -## Alternatives +dnss supports the following encapsulation protocols, both in proxy and in +server modes: -https://dnscrypt.org/ is a great, more end-to-end alternative to dnss. +* JSON-based, as implemented by [dns.google.com](https://dns.google.com) + ([reference](https://developers.google.com/speed/public-dns/docs/dns-over-https)). +* [DNS Queries over HTTPS + (DoH)](https://tools.ietf.org/html/draft-ietf-doh-dns-over-https) proposed + standard (and implemented by [Cloudflare's 1.1.1.1](https://1.1.1.1/)).
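Review bot: In the first hunk (README.md, new "Debian/Ubuntu" paragraph), the explicit upstream `https://dns.google.com` is replaced by "Google's public resolvers (and easily changed via configuration)", which names neither the endpoint nor where that configuration lives. The packaged default forwards queries to that third party, so I would keep the URL in the text and name the file or flag a user edits to change it. Minor style point: `$ apt install dnss` is inline code with a prompt and no `sudo`, while the manual install steps use a fenced block and `sudo`; use one style for both.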
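Review bot: In the second hunk (README.md, removal of the "DNS to HTTPS proxy" section), the deleted diagram was the only place that showed the client-to-dnss leg as plain DNS over UDP, with only the dnss-to-server leg carried over HTTPS. The new "Supported protocols" list does not say this, so add one sentence stating which hop is protected, so readers do not assume the whole path is covered. The caveat "note it's in beta and subject to changes" is also dropped, although the new DoH link points at an IETF draft; a short note that the protocol may still change would help. Separately, the unchanged context line `sudo systemctl dnss enable` has the verb and the unit swapped (it should read `systemctl enable dnss`), which is worth fixing while this part of the file is being edited.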