Dnsproxy

dnsproxy is an encrypted DNS proxy and traffic router that translates and forwards DNS requests between clients and upstream resolvers. It functions as a server for multiple secure protocols, including DNS-over-HTTPS, DNS-over-TLS, DNS-over-QUIC, and DNSCrypt, to protect queries from eavesdropping and tampering.

The project differentiates itself through advanced routing and optimization capabilities. It utilizes a domain-based routing engine to direct queries to specific upstream servers via wildcard rules and employs parallel querying to return responses from the fastest responding network address. It also provides IPv6 connectivity transition by synthesizing IPv6 addresses for IPv4-only destinations.

The server includes additional traffic management and security features, such as TTL-based response caching, request rate limiting, and basic authentication for encrypted endpoints. It supports forwarding client subnet information to upstream resolvers for geographically optimized results and can transform specific IP responses into non-existent domain errors.

The project can be deployed as a container image.

Features

Multi-Protocol Encrypted DNS Servers - Provides a multi-protocol server supporting DNS-over-HTTPS, TLS, QUIC, and DNSCrypt.

Encrypted DNS Resolvers - Acts as an encrypted DNS proxy that translates and forwards requests using secure protocols like DoH and DoT.

Encrypted DNS Proxies - Functions as an encrypted DNS proxy translating between protocols like DoH, DoT, and DNSCrypt.

DNS Forwarding Routing - Routes DNS queries to specific external servers using standard or encrypted protocols.

DNS Query Optimization - Minimizes resolution latency by querying multiple upstreams in parallel and returning the fastest response.

DNS Query Routers - Functions as a router that directs DNS queries to specific upstreams based on domain names.

DNS Routing Overrides - Maps specific domains or private network ranges to designated upstream resolvers.

DNS-over-HTTPS Servers - Provides a network service that resolves DNS queries over the encrypted HTTPS protocol.

DNS-over-TLS Servers - Provides a server that wraps DNS queries in TLS encryption to prevent eavesdropping.

Encrypted DNS Servers - Hosts encrypted DNS endpoints using TLS certificates or DNSCrypt configurations to secure client connections.

Protocol Translation Proxies - Translates DNS requests between encrypted transport protocols and standard upstream resolver formats.

Domain-Based Routing - Provides a routing engine that directs DNS queries to specific upstream servers based on domain name wildcard rules.

DNS-over-QUIC Servers - Implements a DNS-over-QUIC server for low-latency encrypted name resolution.

DNSCrypt Implementations - Implements the DNSCrypt protocol to ensure secure and authenticated communication with DNS resolvers.

Latency Optimization Strategies - Identifies the fastest responding IP address from multiple upstream servers to optimize response latency.

Response Caching - Stores DNS lookup results locally using TTL values to reduce upstream load and network latency.

DNS Caches - Caches resolved domain lookups locally to accelerate subsequent requests and reduce upstream load.

Parallel Action Racing - Employs a racing pattern to return the DNS result from the fastest responding upstream network address.

Parallel Provider Calls - Queries multiple upstream servers simultaneously and returns the first successful response to minimize latency.

DNS64 Translation - Synthesizes IPv6 addresses from IPv4 records to enable IPv6-only clients to access IPv4 resources.

IPv4-Mapped IPv6 Address Techniques - Synthesizes IPv6 addresses for IPv4-only destinations to enable connectivity for IPv6-only clients.

EDNS Client Subnet Routing - Implements the EDNS0 extension to forward client subnet information for geographically optimized DNS responses.

IPv6 Implementations - Translates IPv4 addresses into synthetic IPv6 addresses to enable connectivity for IPv6-only clients.

Upstream Response Racing - Queries multiple upstream servers in parallel and returns the result from the fastest network address.

DNS Access Controls - Controls DNS server access through basic authentication and rate limiting.

Request Rate Limiting - Tracks incoming query volume per client and drops traffic exceeding thresholds to prevent resource exhaustion.

Client Request Quotas - Implements per-client request quotas to protect the DNS server from resource exhaustion.

AdguardTeamdnsproxy

Features

Star history