3.4 KiB
Dough
Dough is a DoH (DNS Queries over HTTPS) server written in Elixir
This server was written to the IEFT Draft Spec
draft-ietf-doh-dns-over-https-14,
and has been tested and works flawlessly with Mozilla Firefox trr
configuration.
Motivation
After Mozilla announced their DNS over HTTPS client, the Trusted Recursive Resolver (TRR) in partnership with Cloudflare, it sparked a privacy outcry. Many were upset that Mozilla was choosing to have an opt-out option that sends all visited hostnames to a third-party US based corporation.
This has the potential to centralize DNS infrastructure further, and allows monopolistic control over an even greater portion of internet traffic.
Users should have control over this feature, and be able to choose their DoH proxy server from sources they actually trust.
Running the server
From release
Current release is 0.1.0
, and is distributed via WebTorrent at
magnet:?xt=urn:btih:0744fca4677180d58c1f04e58b7ac8fd5c061c91&dn=dough-0.1.0.tgz
# extract the server .
$ tar zxvf dough-0.1.0.tgz
dough-0.1.0/
dough-0.1.0/dough.toml
dough-0.1.0/dough.sig
dough-0.1.0/dough
$ cd dough-0.1.0/
# verify it's the real deal.
$ keybase pgp verify -S thurloat -d dough.sig -i dough
▶ INFO Identifying thurloat
✔ public key fingerprint: 654D 176F 7C3F 7A1E F9A8 E78E 9899 F753 371E 6129
✔ ...
Signature verified. Signed by thurloat X hours ago (2018-09-12 11:28:39 -0300 ADT).
PGP Fingerprint: 654d176f7c3f7a1ef9a8e78e9899f753371e6129.
# or
$ gpg --verify dough.sig dough
# copy the configuration to ~/.config
$ cp dough.toml ~/.config
# run the server
./dough foreground
Compile your own release from source
You can compile and run a release by executing the following.
$ mix deps.get
$ MIX_ENV=prod mix release --env=prod
$ cp _build/prod/rel/dough/etc/dough.toml ~/.config
$ _build/prod/rel/dough/bin/dough foreground
██▄ ████▄ ▄ ▄▀ ▄ █
█ █ █ █ █ ▄▀ █ █
█ █ █ █ █ █ █ ▀▄ ██▀▀█
█ █ ▀████ █ █ █ █ █ █
███▀ █▄ ▄█ ███ █
▀▀▀ ▀
Starting Dough Server 0.1.0 ...
DNS Proxying to 37.235.1.174
Run in development mode
$ mix deps.get
$ mix run --no-halt
Feel free to edit the config file at ~/.config/dough.toml
to configure it to
use your favourite DNS provider as the proxy. By default, it's configured to
use OpenNIC DNS servers for maximum freedom (as in
birds).
Configure Firefox
The quickest way to configure firefox is to visit about:config
, then search
for trr
, setting the following values:
# force TRR mode, disable normal DNS lookups
network.trr.mode;3
# set your DoH server address. You need to use an IP, not a domain name,
# otherwise you won't be able to look it up with mode 3 set.
network.trr.uri;https://127.0.0.1:8331/dns-query
# a domain firefox will resolve to make sure TRR works.
network.trr.confirmationNS;thurloat.com
The project ships with a default certificate to use if you're running on
localhost, in order to have firefox communicate with your local server you
need to visit https://127.0.0.1:8331/
in the browser, and accept the cert
before it will work as your TRR provider.