GPDM

DoH Config: HTTP-mode only

Feb 2nd, 2020
  [global]
  # Address the daemon listens on.
  # An empty string means "listen on all addresses" (the default).
  # NOTE(review): with [http] enabled below, an empty value exposes the
  # plain-text listener on every interface. When a TLS-terminating frontend
  # sits in front of this service, prefer a loopback or internal address, or
  # restrict access at the network layer. Confirm the accepted address format
  # against the daemon's documentation.
  listen = ""

  # Log level, using Syslog-compatible numbering:
  #   0 = Emergency
  #   1 = Alert
  #   2 = Crit
  #   3 = Error
  #   4 = Warn
  #   5 = Notice       default for the DoH daemon; not chatty at all
  #   6 = Information  also selectable with the -verbose CLI switch; adds some diagnostics
  #   7 = Debug        also selectable with the -debug CLI switch; very chatty, fully verbose
  # NOTE(review): what is written at levels 6 and 7 is not visible here. Check
  # whether queried names or client addresses end up in the logs before using
  # those levels outside development.
  loglevel = 5

  # Plain-HTTP listener.
  # RFC 8484 specifies DoH over HTTPS, with HTTP/2 as the recommended minimum.
  # Plain-text mode is still useful for development (e.g. capturing wire-format
  # traffic), and for Docker deployments where a frontend load balancer does
  # the TLS offloading.
  # In this mode queries and answers cross this port unencrypted and
  # unauthenticated, so the hop between the frontend and this listener has to
  # stay on a trusted network.
  [http]
  enable = true
  port = 8080

  # TLS HTTP/2 listener. The original author marks it as mandatory; it is
  # switched off in this HTTP-only configuration, which means TLS has to be
  # terminated in front of the service.
  # pkey is the private key: keep it readable by the service account only, and
  # out of version control and image layers.
  # NOTE(review): both paths are relative, presumably to the daemon's working
  # directory - confirm, or use absolute paths.
  [tls]
  enable = false
  port = 8443
  pkey = "./conf/private.key"
  cert = "./conf/public.crt"

  # Upstream DNS resolvers.
  #
  # At least one host is required, written as a URI (see
  # https://tools.ietf.org/html/rfc3986). Several hosts may be listed, as
  # FQDNs or as IPv4/IPv6 addresses.
  #
  # udp://   standard DNS resolver
  #   - optional ':<port>', defaults to ':53'
  # https:// DoH server
  #   - optional ':<port>', defaults to ':443'
  #   - DoH servers may accept POST or GET; append '#<request-method>' to pick
  #     the preferred one (defaults to '#POST')
  #   - give the FQDN only; a trailing '/dns-query' path is ignored
  #
  # Example:
  #   [ "udp://192.0.2.1:53", "udp://fully-qualified-host.local", "https://cloudflare-dns.com#POST", "https://cloudflare-dns.com#GET" ]
  #
  # 192.0.2.1 lies in the 192.0.2.0/24 documentation range (RFC 5737), so it
  # is a placeholder to be replaced with a real resolver.
  # udp:// upstreams carry queries in clear text past this frontend; use
  # https:// upstreams when the path to the resolver is not trusted.
  [dns]
  resolvers = ["udp://192.0.2.1:53", "udp://localhost"]

  # Optional InfluxDB target for telemetry.
  #
  # Telemetry is limited to counters: HTTP GET / POST requests, and the number
  # of DNS RR type requests processed (e.g. TYPE A, TYPE NS). Queried
  # hostnames, returned IP addresses, source IPs and similar details are not
  # included.
  #
  # If enabled, the credentials below sit in this file in plain text: limit
  # the file's permissions and give the account write access to the telemetry
  # database only.
  [influx]
  enable = false
  url = ""
  database = ""
  username = ""
  password = ""

  # Optional Redis cache for application-level caching of DNS responses.
  # It works alongside any ordinary DNS query cache, but on the DoH frontend,
  # saving extra round-trips and recursion through the DNS backends.
  #
  # Whoever can write to this Redis instance can influence the answers served
  # from the cache. If enabled, set a password and keep the instance reachable
  # from this service only.
  # port is a quoted string in the original and is kept that way here, because
  # the type the daemon expects is not visible in this file.
  [redis]
  enable = false
  addr = "localhost"
  port = "6379"
  password = ""