南琴浪博客

dingo - HTTPS DNS 服务

12/06/2017

群里大佬给我安利了一款 HTTPS DNS 服务 - dingo,本文就对其进行一点介绍。

项目地址:https://github.com/pforemski/dingo

Introduction

以下介绍引用自 readme 原文:

A DNS client (stub resolver) implemented in Go for the Google DNS-over-HTTPS. It effectively encrypts all your DNS traffic. It also supports OpenResolve by OpenDNS.

The ultimate goal for the project is to provide a secure, caching DNS client that communicates with recursive DNS resolvers over encrypted channels only. For now, it resolves DNS queries over HTTP/2 in independent threads. The plans for future include better caching and support for QUIC.

Quick Start

想要快速使用该服务,只需执行以下:

mkdir dingo && cd dingo
wget https://github.com/pforemski/dingo/releases/download/0.13/dingo-linux-amd64
nohup ./dingo-linux-amd64 -port=53 &

可以在本地进行测试:

mv /etc/resolv.conf /etc/resolv.conf.bak
echo "nameserver 127.0.0.1" > /etc/resolv.conf

ping www.google.com

更多高级参数可以浏览官方文档。

Incorporation

同时可以结合一些其它 dns 服务,例如 unbounddnsmasq,这俩款服务我在之前的文章均有介绍。若想结合使用,只需将 unbound 或 dnsmasq 的上游指定为 127.0.0.1:53。需注意,这时 unbound 不能启用强制 TCP 查询。