Unverified Commit e65bd3b8 authored by Gavin Brown

update readme

parent d1cdcb2f
......@@ -6,6 +6,7 @@ See:
This repository contains:
## `dohc.pl` (DoH client)
This script implements a simple dig-like DoH client using `Net::DNS` and `LWP`.
......@@ -19,16 +20,53 @@ $ dohc.pl OPTIONS
where `OPTIONS` can be any of the following (in any order):
* `QNAME` - query name. mandatory
* `QTYPE` - query type, any RR type supported by your version of `Net::DNS` will work. Defaults to `A` if unset.
* `QCLASS` - query class, defaults to `IN`
* `URL` - this may be either a fully-qualified URL such as `https://example.com/dns-query` or a string of the form
````
@example.com
````
This will get turned into the HTTPS URL above.
The full DNS response will be printed to `STDOUT`.
## `dohd.pl` (DoH server)
This script implements a simple DoH swerver using `Net::DNS` and `HTTP::Daemon`. You will need to put something in front of it to do SSL termination.
This script implements a simple DoH server using `Net::DNS` and `HTTP::Daemon`. You will need to put something in front of it to do SSL termination.
Usage:
```
$ dohd.pl OPTIONS
```
where `OPTIONS` can be any of the following (in any order):
* `--addr=ADDR` - address to listen on, defaults to `127.0.0.1`
* `--port` - port to listen on, defaults to `8080`
* `--resolver` - DNS server to forward queries to, defaults to `127.0.0.1`
* `--debug` - enables debug mode for `HTTP::Daemon` and `Net::DNS::Resolver`
* `--daemon` - daemonise, otherwise, `dohd.pl` stays in the foreground.
### Supporting HTTPS and HTTP/2
The [DoH spec](https://tools.ietf.org/html/draft-ietf-doh-dns-over-https) makes support for HTTPS mandatory, and says that you SHOULD support HTTP/2.
This can be achieved fairly easily by using [nghttpx](https://nghttp2.org/documentation/nghttpx.1.html) as a reverse proxy sitting in front of `dohd.pl`, using the following command:
```
nghttpx -b 127.0.0.1,8080 -f 127.0.0.1,4430 server.key server.crt
```
The above command will accept HTTP/2 connections over HTTPS on 127.0.0.1 port 4430 and forward them as HTTP/1.1 connections to 127.0.0.1 port 8080.
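Review bot: The new "Supporting HTTPS and HTTP/2" section should say that the hop from nghttpx to `dohd.pl` is unencrypted HTTP/1.1, so `--addr` ought to stay on its `127.0.0.1` default whenever the proxy runs on the same host; as written, nothing tells a reader that changing `--addr` exposes the plain-HTTP listener directly. It would also help to note that the example frontend `-f 127.0.0.1,4430` only accepts local clients, so a real deployment needs a different frontend address. In the option list, `--addr=ADDR` shows a value placeholder but `--port` and `--resolver` do not, although both are described as taking a value; give them the same form for consistency. Minor: the `dohd.pl` description says "SSL termination" while the new section talks about HTTPS; "TLS termination" would be the more accurate term.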