Personal Configuration file for hosting dns server on haproxy

Minoplhy 4d2eaa8ff2 Codeberg isn't active 3 gadi atpakaļ
addition 9848faf4c0 Update check.http 4 gadi atpakaļ
configuration 3581faba09 fix compatiblity issues on some Android 11 phone 3 gadi atpakaļ
README.md 4d2eaa8ff2 Codeberg isn't active 3 gadi atpakaļ
bright.md d78c9a2b81 Create bright.md 4 gadi atpakaļ
download-filters.sh f3bfe34c88 Update download-filters.sh 3 gadi atpakaļ

README.md

HaproxyDNS

Use Haproxy or NGINX as Dns-over-HTTPS | DNS-over-TLS | DNSCrypt(not Haproxy) | Plain DNS Server

!!! denylist.rpz and allowlist.rpz are made for my private use and will cause problem with some domain !!!

denylist.rpz and allowlist.rpz now moved to dedicated repository but still cause problem

Query
           Dns-over-TLS
          --------------------->  Haproxy(Frontend)    ----------------------------->  
Cluster                         Listen(TCP/443/853)                                 
          --------------------->            (HTTP/443) -------> m13253/DOH   ------->        Knot-resolver
	   Dns-over-HTTPS                                                                    Listen(global/dns)Listen(Local/dns)
	   DNSCrypt v2             
	   --------------------->  jedisct1/Encrypted DNS Server ------------------->
                                   Listen(TCP/UDP/8443)

or NGINX

Query
           Dns-over-TLS
          --------------------->  NGINX(Frontend)    ----------------------------->  
Cluster                         Listen(TCP/853)                                 
          --------------------->            (HTTP/443) -------> m13253/DOH   ------->        Knot-resolver
	   Dns-over-HTTPS                                                                    Listen(global/dns)Listen(Local/dns)
	   DNSCrypt v2             
	   --------------------->  jedisct1/Encrypted DNS Server ------------------->
                                   Listen(TCP/UDP/8443)

Recommendation

  1. knot-resolver Recommended using upstream repository on debian
  2. download-filters.sh Recommended if you want to download all the default filters used in kresd.conf(knot-resolver configuration)
  3. jedisct1/Encrypted-dns-server Recommended if you are looking for an easy way to start a DNSCrypt server
  4. Mozilla ssl-config Recommended if you are looking for a sample TLS/SSL configuration for your Server Software
  5. AdGuardHome or Pi-hole Recommended in case your blocklist are big {my big is around 10MB ++} and RAM is your limitation .
  6. use AdGuardHome or Pi-hole instead of Knot-Resolver Recommended if you already forwarded all requests to Third-Party(e.g. quad9)
  7. not open Port 53 to the world Recommended if your dns server is only for private use or internal use, cause you'll get chance of getting flood from unknown party

Mirror / Fork

Mirror n Fork Repository might not up-to-date with main repository

notabug.org

git.disroot.org