| author | Alberto Bertogli
<albertito@blitiri.com.ar> 2018-07-21 12:00:26 UTC |
| committer | Alberto Bertogli
<albertito@blitiri.com.ar> 2018-07-21 12:00:26 UTC |
| parent | ee1975e5144cc2f9bf0613dd1ca36595fcf17fca |
| README.md | +36 | -0 |
diff --git a/README.md b/README.md index 54ab4b8..9e15b32 100644 --- a/README.md +++ b/README.md @@ -57,3 +57,39 @@ sudo cp $GOPATH/src/blitiri.com.ar/go/dnss/etc/systemd/dns-to-https/* \ sudo systemctl dnss enable ``` + + +## Examples + +### DNS server (proxy mode) + +Listens on port 53 for DNS queries, resolves them using the given HTTPS URL. + +``` +# Use the default HTTPS URL (currently, dns.google.com): +dnss -enable_dns_to_https + +# Use Cloudflare's 1.1.1.1: +dnss -enable_dns_to_https -https_upstream="https://1.1.1.1/dns-query" + +# Use Google's dns.google.com: +dnss -enable_dns_to_https -https_upstream="https://dns.google.com/resolve" +``` + +### HTTPS server + +Receives DNS over HTTPS requests, resolves them using the machine's configured +DNS servers, and returns the replies. You will need to have certificates for +the domains you want to serve. + +Supports both DoH and JSON modes automatically, and the endpoints are +`/dns-query` and `/resolve`. + +``` +# Serve DNS over HTTPS requests, take certificates from letsencrypt. +DOMAIN=yourdomain.com +dnss -enable_https_to_dns \ + -https_key=/etc/letsencrypt/live/$DOMAIN/privkey.pem \ + -https_cert=/etc/letsencrypt/live/$DOMAIN/fullchain.pem +``` +