On 19.08.24 18:38, Corey Minyard wrote:
On Mon, Aug 19, 2024 at 8:58 AM Buck Horn via Dnsmasq-discuss
<dnsmasq-discuss@lists.thekelleys.org.uk> wrote:

    It's not entirely clear from your description, but if your goal would be
    to have dnsmasq forward DNS requests to a DoT server, then dnsmasq can't
    do that: It fully supports DNS (port 53 UDP/TCP), but does not support
    DoT (port 853 TCP) at all. You would need a DoT proxy between dnsmasq
    and your DoT server for that use case.


That's my overall goal, but I have stunnel which will take a TCP
connection and forward it over TLS.  It would be nice if dnsmasq would
support DoT, but I'm ok that it doesn't.  bind doesn't, either.


I see - so your dnsmasq TCP requirement is introduced by your choice of
stunnel?

But stunnel isn't a DoT proxy, it is a TLS proxy wrapper, and as such,
would lack UDP support, somewhat naturally employing TCP only.

A proper DoT proxy would have to support UDP as well as TCP, as both
protocols are mandatory for DNS.

Instead of trying to find some bandaid for dnsmasq, I'd recommend to
consider using a proper DoT/DoX proxy instead (e.g.
AdguardTeam/dnsproxy). Or if you would already happen to run nginx, I
believe that could also be configured to act as DNS to DoT gateway.

Kind regards,

       Buck
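The framing difference behind Buck's point, as an added example that is not part of the thread or of any of the tools named in it: a minimal UDP-to-DoT relay that dnsmasq could be pointed at with `server=127.0.0.1#5353`. It shows why a plain TLS wrapper is not enough: DoT reuses the DNS-over-TCP two-byte length prefix, so UDP queries have to be framed on the way out and unframed on the way back, and the relay has to listen on UDP at all. The listen address, the upstream address and its SNI name are placeholders, not real resolvers.

```python
import socket
import ssl
import struct

# DoT (RFC 7858) uses the DNS-over-TCP framing of RFC 1035: a 2-byte big-endian
# length prefix before each message. UDP DNS has no prefix, so a forwarder that
# accepts UDP must add it towards the DoT server and strip it on the way back.

def frame(msg: bytes) -> bytes:
    """Add the 2-byte length prefix used on TCP and TLS transports."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large for 16-bit length prefix")
    return struct.pack("!H", len(msg)) + msg

def unframe(buf: bytes) -> tuple[bytes, bytes]:
    """Return (message, remainder); message is b'' while buf is incomplete."""
    if len(buf) < 2:
        return b"", buf
    (n,) = struct.unpack("!H", buf[:2])
    if len(buf) < 2 + n:
        return b"", buf
    return buf[2:2 + n], buf[2 + n:]

def forward_over_dot(query: bytes, server: str, sni: str, port: int = 853) -> bytes:
    """Send one raw DNS message to a DoT server and return the raw answer."""
    ctx = ssl.create_default_context()  # verifies the server certificate
    with socket.create_connection((server, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            tls.sendall(frame(query))
            buf = b""
            while True:
                chunk = tls.recv(4096)
                if not chunk:
                    raise ConnectionError("DoT server closed the connection")
                buf += chunk
                answer, _ = unframe(buf)
                if answer:
                    return answer

def serve_udp(listen: tuple[str, int], server: str, sni: str) -> None:
    """Relay UDP queries (e.g. from dnsmasq's server=127.0.0.1#5353) over DoT."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.bind(listen)
        while True:
            query, client = udp.recvfrom(4096)
            udp.sendto(forward_over_dot(query, server, sni), client)

if __name__ == "__main__":
    # Placeholder upstream (TEST-NET address and example hostname), not a real resolver.
    serve_udp(("127.0.0.1", 5353), "203.0.113.53", "dot.example.net")
```

A complete proxy would add a TCP listener on the same port, where the client's messages already carry the length prefix and can be passed through unchanged; this relay covers only the UDP half that stunnel lacks.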