Firefox DNS-over-HTTPS

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
  • dnscrypt-proxy

    dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.

    This is FUD. This possibility has nothing to do with HTTP vs. [some other DNS-like protocol] sitting on top of an encrypted connection.

    This possibility is, however, enabled by having the application package its own DNS resolution.

    If you want to use DNS over HTTPS as a system-wide daemon, you can use DNSCrypt 2 (https://dnscrypt.info/ ) and disable DoH within Firefox/Chrome.

  • awesome-tunneling

    List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.

    In this case using an IPv6 address might work (if your ISPs aren't behind on rolling out IPv6). Alternatively you could tunnel the connection through something intended to break through problematic NAT setups like ngrok (or its alternatives: https://github.com/anderspitman/awesome-tunneling).

    I've run a split horizon DNS configuration for years and I've got to say that it caused more problems for me than it solves.

    Luckily, you can just turn off DoH if it causes problems for you.

    In my experience, the Chromecast and Google Assistant functionality isn't related to your DNS setup. Chromecast should work through broadcast or through an active request from HASS itself, and the Google integration has always gone through the cloud as far as I know.

    Perhaps your setup is different than mine, but I don't think these issues are necessarily DNS related, unless Google's servers are getting your local IP when they query for the HASS domain.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  • midway

    A rudimentary middleware for port 80 and port 443 over tcp (by celzero)

    You can essentially "VPN" (relay) your in-browser http traffic with just DoH.

    Setup a DoH stub resolver to reply with the same (gateway) IP for all DNS queries, then on the gateway IP, forward traffic using sni (http2/http1.1) or host headers (http1).

    This won't / can't work with http3 because defending against such transparent relay was one of quic's design goals (http3's underlying transport). You can blackhole all UDP traffic on the gateway though, which should block http3 altogether.

    The only real worry is there's no authentication to connect to the IP. So, some form of "captive portal" may be required.

    I've written a tiny go program that does this, that you can deploy to fly.io: https://github.com/celzero/midway

  • serverless-dns

    The RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io

    Thanks :) I'm not as active on other social media. I must also point out that my networking chops are at beginner level. midway is mostly adopted from inetaf/tcpproxy and dlundquist/sniproxy.

    > Go or JS(Node/Deno) is also how I usually go about it!

    Pretty much my choice of languages too. Deno, especially, is a wonderful alternative to Go. I co-maintain a DoH stub-resolver for Node/Deno: https://github.com/serverless-dns/serverless-dns

  • nextdns

    NextDNS CLI client (DoH Proxy)

    For anyone looking for a quick and easy solution via NextDNS: https://github.com/nextdns/nextdns/wiki

    I have it installed a few different places on a few networks (Ubiquity, DDWRT, OPNSense, DNSMasq), and it works as expected.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts