dough/README.md

# Dough

## Dough is a DoH (DNS Queries over HTTPS) server written in Elixir

This server was written to the IEFT Draft Spec
[draft-ietf-doh-dns-over-https-14](https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-14),
and has been tested and works flawlessly with Mozilla Firefox `trr` 
configuration.

## Motivation

After Mozilla announced their DNS over HTTPS client, the Trusted Recursive
Resolver (TRR) in partnership with Cloudflare, it sparked a privacy outcry.
Many were upset that Mozilla was choosing to have an opt-out option that sends
all visited hostnames to a third-party US based corporation.

This has the potential to centralize DNS infrastructure further, and allows
monopolistic control over an even greater portion of internet traffic.

Users should have control over this feature, and be able to choose their DoH
proxy server from sources they actually trust.

## Running the server

### From release

Current release is `0.1.0`, and is distributed via WebTorrent at
[magnet:?xt=urn:btih:0744fca4677180d58c1f04e58b7ac8fd5c061c91&dn=dough-0.1.0.tgz](https://instant.io/#0744fca4677180d58c1f04e58b7ac8fd5c061c91)

```
# extract the server .

$ tar zxvf dough-0.1.0.tgz 
dough-0.1.0/
dough-0.1.0/dough.toml
dough-0.1.0/dough.sig
dough-0.1.0/dough

$ cd dough-0.1.0/

# verify it's the real deal.

$ keybase pgp verify -S thurloat -d dough.sig -i dough
▶ INFO Identifying thurloat
✔ public key fingerprint: 654D 176F 7C3F 7A1E F9A8 E78E 9899 F753 371E 6129
✔ ...
Signature verified. Signed by thurloat X hours ago (2018-09-12 11:28:39 -0300 ADT).
PGP Fingerprint: 654d176f7c3f7a1ef9a8e78e9899f753371e6129.

# or 

$ gpg --verify dough.sig dough

# copy the configuration to ~/.config
$ cp dough.toml ~/.config

# run the server
./dough foreground
```

### Compile your own release from source 

You can compile and run a release by executing the following.

```
$ mix deps.get

$ MIX_ENV=prod mix release --env=prod

$ cp _build/prod/rel/dough/etc/dough.toml ~/.config

$ _build/prod/rel/dough/bin/dough foreground

██▄   ████▄   ▄     ▄▀   ▄  █
█  █  █   █    █  ▄▀    █   █
█   █ █   █ █   █ █ ▀▄  ██▀▀█
█  █  ▀████ █   █ █   █ █   █
███▀        █▄ ▄█  ███     █
             ▀▀▀          ▀
Starting Dough Server 0.1.0 ...
DNS Proxying to 37.235.1.174

```

### Run in development mode

```
$ mix deps.get
$ mix run --no-halt
```

Feel free to edit the config file at `~/.config/dough.toml` to configure it to
use your favourite DNS provider as the proxy. By default, it's configured to
use [OpenNIC](https://www.opennic.org/) DNS servers for maximum freedom (as in
birds).


## Configure Firefox

The quickest way to configure firefox is to visit `about:config`, then search
for `trr`, setting the following values:

```
# force TRR mode, disable normal DNS lookups
network.trr.mode;3

# set your DoH server address. You need to use an IP, not a domain name,
# otherwise you won't be able to look it up with mode 3 set.
network.trr.uri;https://127.0.0.1:8331/dns-query

# a domain firefox will resolve to make sure TRR works.
network.trr.confirmationNS;thurloat.com
```

The project ships with a default certificate to use if you're running on
localhost, in order to have firefox communicate with your local server you
need to visit `https://127.0.0.1:8331/` in the browser, and accept the cert
before it will work as your TRR provider.