
dnsdist is AMAZINGLY easy to set up as a secure local resolver that forwards all queries to DoH (and checks SSL) and checks liveliness every second.

I need to do a write-up one day.



Please do. I'd be curious what a secure-by-default self hosted resolver would look like.


For what it may be worth, here's a most basic (but fully working) config for running Unbound as a DoT-only forwarder:

  server:
      logfile: ""
      log-queries: no
  
      # adjust as necessary
      interface: 127.0.0.1@53
      access-control: 127.0.0.0/8 allow
  
      infra-keep-probing: yes
  
      tls-system-cert: yes
  
  forward-zone:
      name: "."
      forward-tls-upstream: yes
      forward-addr: 9.9.9.9@853#dns.quad9.net
      forward-addr: 193.110.81.9@853#zero.dns0.eu
      forward-addr: 149.112.112.112@853#dns.quad9.net
      forward-addr: 185.253.5.9@853#zero.dns0.eu
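
An added example, not part of the thread or of the Unbound project: a small auditor for configs like the one above, flagging the settings that silently weaken a DoT-only forwarder. Per unbound.conf(5), upstream certificates cannot be authenticated without a CA source, the certificate name is only checked when a `#name` is appended to `forward-addr`, and `forward-first` falls back to normal recursion. The names `parse`, `audit` and `WEAK_CONF` are hypothetical, and the sample input is constructed.

```python
import re

# Constructed sample: the forwarder config above with common DoT mistakes introduced.
WEAK_CONF = """\
server:
    interface: 127.0.0.1@53   # no tls-system-cert or tls-cert-bundle
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-first: yes
    forward-addr: 9.9.9.9@853
    forward-addr: 149.112.112.112@853#dns.quad9.net
"""

def parse(text):
    """Return [(clause, {option: [values]})] from unbound.conf text."""
    clauses = []
    for raw in text.splitlines():
        # '#' opens a comment only at line start or after whitespace, so the
        # '#' inside 9.9.9.9@853#dns.quad9.net survives.
        key, _, rest = re.sub(r"(^|\s)#.*$", "", raw).strip().partition(":")
        if key and not rest.strip():
            clauses.append((key, {}))
        elif key and clauses:
            clauses[-1][1].setdefault(key, []).append(rest.strip().strip('"'))
    return clauses

def audit(text):
    """Return findings for settings that weaken DoT forwarding."""
    clauses = parse(text)
    server = {k: v for name, opts in clauses if name == "server" for k, v in opts.items()}
    on = lambda opts, key: opts.get(key, ["no"])[-1] == "yes"
    has_ca = (on(server, "tls-system-cert") or on(server, "tls-win-cert")
              or bool(server.get("tls-cert-bundle", [""])[-1]))
    findings = []
    for name, opts in clauses:
        if name != "forward-zone":
            continue
        zone = opts.get("name", ["?"])[-1]
        if not (on(opts, "forward-tls-upstream") or on(server, "tls-upstream")):
            findings.append(f"{zone}: TLS not enabled, queries are forwarded in plaintext")
            continue
        if not has_ca:
            findings.append(f"{zone}: no CA source, upstream certificates cannot be authenticated")
        if on(opts, "forward-first"):
            findings.append(f"{zone}: forward-first permits fallback to direct resolution")
        findings += [f"{zone}: {a} lacks #auth-name, certificate name is not checked"
                     for a in opts.get("forward-addr", []) if "#" not in a]
    return findings
```

Calling `audit()` on the config posted above returns an empty list; on `WEAK_CONF` it returns three findings.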



