Skip to content

DNS over TLS configuration to use Cloudflare via knot-resolver project docker container

Notifications You must be signed in to change notification settings

dweinstein/docker-knot-resolver

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SYNOPSIS

DNS-over-TLS configuration to use cloudflare via knot-resolver project docker container.

How it works

We use the knot-resolver project.

The Dockerfile is using an "official" docker container image built by the open source project.

We specify a TLS policy in the config.docker:

policy.add(policy.all(policy.TLS_FORWARD({{'1.1.1.1', hostname='cloudflare-dns.com', ca_file='/data/DigiCertGlobalRootCA.crt' }})))

Metrics

Since we're using knot-resolver under the hood we can access some metrics from the service:

metrics

Mac OS

After running the container, set the ip of the container host as the DNS entry

Set DNS on Mac OS

Testing it works

One easy way to test that things are working is to use tcpdump on the host that is performing the DNS resolution (the one hosting the container).

% sudo tcpdump udp port 53

Now we watch to make sure there are no outbound DNS requests. We should only see an inbound DNS lookup request from the host you're testing from.when you're testing).

Debugging knot-resolver

Try looking at logs and attaching to the docker container:

Set the knot-resolver container to verbose using: verbose(true) either at the end of config.docker or by attaching to the container docker attach kresd and typing verbose(true) at the prompt. help() will get you more info at the REPL.

About

DNS over TLS configuration to use Cloudflare via knot-resolver project docker container

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages