dnsproxy
doh-cf-workers
Our great sponsors
dnsproxy | doh-cf-workers | |
---|---|---|
56 | 31 | |
2,179 | 351 | |
2.9% | - | |
8.3 | 5.3 | |
6 days ago | 2 months ago | |
Go | JavaScript | |
Apache License 2.0 | BSD Zero Clause License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dnsproxy
- AdGuard Simple DNS Proxy with DoH, DoT, DoQ and DNSCrypt Support
-
Adguard adblocker vs Adguard DNS?
There's no difference between the free and freemium in regards to customizability while using VPN since both offer DoT endpoints. On Android, with the standard WireGuard & OpenVPN app you can use any DoT provider you want since the Android Private DNS setting takes precedence over the DNS settings in the VPN app. In Windows you can run https://github.com/AdguardTeam/dnsproxy locally, that way the VPN won't intercept and modify the local DNS traffic (the DNS upstream still goes through the VPN, but if you use DoT/DoH/DoQ then it continues to the DNS server you prefer).
-
VPN recommendation with DoH or DoQ
Which OS is this? In Android the Private DNS (DoT) setting is respected by some clients like the standard WireGuard & OpenVPN, so you can just load any provider's config and enter your personal DoT address. In iOS Passepartout can accept WG/OpenVPN config and apply custom DoH, as for desktop OS you can just run https://github.com/AdguardTeam/dnsproxy forwarding to your DoH/DoQ address and set the VPN interface to use localhost as DNS.
-
Privacy threat: needing to choose between VPN and DNS
If it's on a desktop/laptop, you can run https://github.com/AdguardTeam/dnsproxy to forward into your NextDNS DoH/DoT/DoQ, and set your VPN network adapter to use 127.0.0.1, 127.0.0.2, ::1 and ::2 for DNS (the secondary entry either loopback or fail entirely, all it matters is your OS shouldn't try other address), that way since local traffic isn't routed by the VPN, you still get NextDNS (the actual DoH/DoT/DoQ traffic is still going through the VPN).
-
Adguard on windows blocking dns rewrite of adguard home
Why not set AdGuard Home (assuming it's indeed installed at your home) to use DoT/DoH/DoQ upstream (so your ISP can't redirect it) and have the rewrites in AGH too? If your AGH instance isn't at home, assuming you're using Windows 11 set your AGH to listen on DoH and set Windows to use DoH to your AGH. Otherwise use dnsproxy in Windows to forward it to your AGH through DoT/DoH/DoQ.
- ISP di Indonesia sudah bisa deteksi penggunaan DNS over HTTPS/TLS?
-
Adguard Home and DNS-over-HTTPS
I'm not sure what is your plan here, do you need the Surfshark feature specifically, or do you just want to hide your traffic from your ISP? If you need Surfshark (perhaps for streaming geoblocked content or torrenting), then integrating it with AGH hosted on the cloud for device-wide traffic is going to be complicated. The Surfshark client doesn't support custom DoH/DoT address nor IPv6 (opening public IPv4 Do53 is a big no-no, you'll get swamped for DNS amplification attack), so you'll need an app running on your device to redirect DNS traffic like https://github.com/AdguardTeam/dnsproxy to your cloud AGH. You'd need to setup DoH with a custom path through Nginx otherwise people would scan your server and use it, plus if Google's crawler sees the AGH login page it will mark it as deceptive, and your entire domain is blacklisted by the Safe Browsing API that's used on multiple products (Chrome, Firefox, AdGuard, NextDNS, etc). With all that hassle might as well just run AGH locally on your device anyway (local traffic isn't handled by VPNs)
-
Client Settings Cached?
Assuming you have a custom upstream, it's by design
-
Feature Requests: Force use QUIC or DoQ Protocol, AnyCast/Ultralow toggle settings
Since nextdns-cli isn't likely to support DoQ anytime soon, your best bet is dnsproxy and ctrld.
- Feature Request: Different DoH per network i.e. different NextDNS per network.
doh-cf-workers
-
Cloudflare DNS stopped working totally!
For desktop browser, just change the Secure DNS/DNS over HTTPS settings to one of the servers in https://github.com/curl/curl/wiki/DNS-over-HTTPS, if they're all blocked, create your own with https://github.com/tina-hello/doh-cf-workers. On Android use Intra to load custom DoH, and on iOS use https://dns.notjakob.com/ to create the DoH profile.
-
Public DNS resolver is blocked, way to bypass?
If Cloudflare Workers aren't blocked, you can use https://github.com/tina-hello/doh-cf-workers to forward to it, though it only work with DNS over HTTPS client (most desktop browsers, Windows 11, iOS, macOS, Intra on Android and YogaDNS on older Windows)
-
Ditching Normal DNS for Enhanced Safety: Zero Trust with DNS over HTTPS/TLS
DoH is another game entirely, even if you import the known DoH domains manually, anyone including dedicated kids, can create their own DoH proxy in minutes.
-
Encrypted DNS, what's the point?
Even those who weren't interested in self-hosting might spend a couple of minutes hosting their own DNS proxy since it's much more flexible and don't require root or dedicated port (at least with DoH).
-
Stop devices from using other DNS to bypass AdGuardHome?
While you can in turn block those DoH servers (and probably block port 853 too to stop the default DoT & DoQ traffic), there are ridiculous amount of public DoH servers available, partly because of how easy it is to self-host AGH and expose the DoH endpoint to the public. Anyone can even create their own in minutes.
-
Can't change DNS settings, can ISP block it?
Check if your router support DNS over TLS (DoT) or DNS over HTTPS (DoH), that would ignore the ISP filtering, assuming the ISP doesn't just block port 853 for DoT, or filtering well-known DoH server, in which case just setup your own.
-
Android phones can't connect if I block port 853 on router to stop others bypassing NextDNS
If you don't want to set up AGH at home or at a VPS, accept that the phones need to use the NextDNS/Nebulo/Intra/AdGuard app set to your NextDNS DoH endpoint while you block other providers, though this doesn't actually stop others from using their own/generic NextDNS, or even any provider if their DoH client support bootstrapping. Also, unless it's a seriously fancy router that analyzes traffic statistics, blocking DoH is merely using public list of DoH domains, anyone can create their DoH proxy which won't be blocked. Some routers have SNI filtering which can block websites regardless of the DNS used, but then you need to provide your own blocklist.
-
Subliminal Through Tor?
That's probably SNI filtering, but try other servers from https://adguard-dns.io/kb/general/dns-providers/ and https://github.com/curl/curl/wiki/DNS-over-HTTPS/ just in case, or make your own proxy on https://github.com/tina-hello/doh-cf-workers
-
Zero Trust:Block other DNS over HTTPS/TLS
If you want to go that route, keep in mind the entire Cloudflare Workers and Cloudflare Pages subdomains (workers.dev and pages.dev) can be used as free DoH proxy. Sure you can put the nuclear option, but it would break sites that do use them.
-
Filtering bypass.. I surrender? FEATURE REQUEST INSIDE
A purely DNS-based solution is bound to be easily bypassed, it's really simple to bootstrap the IP so there's no need to even use the network/OS DNS to resolve the custom DoH domain, with hundreds of publicly known DoH and trivial deployment of DoH forwarder you're fighting a losing game.
What are some alternatives?
Unbound - Unbound is a validating, recursive, and caching DNS resolver.
dns-server-setup - Ansible playbook to easily deploy new, fully configured, DNS servers.
mosdns - 一个 DNS 转发器
serverless-dns - The RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io
jp.tiar.app - jp.tiar.app
DoH
nextdns - NextDNS CLI client (DoH Proxy)
libcurl - A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. libcurl offers a myriad of powerful features
wirehole - WireHole is a combination of WireGuard, Pi-hole, and Unbound in a docker-compose project with the intent of enabling users to quickly and easily create a personally managed full or split-tunnel WireGuard VPN with ad blocking capabilities thanks to Pi-hole, and DNS caching, additional privacy options, and upstream providers via Unbound.
sdns - A high-performance, recursive DNS resolver server with DNSSEC support, focused on preserving privacy.
docker-cloudflared - Cloudflared proxy-dns Docker image