dnsproxy is a server that proxies DNS over TLS, DNS over HTTPS, and DNS over QUIC requests to a standard DNS server.

dnsproxy is intended to directly face the internet and should be able to bind to the correct ports (443, 853). dnsproxy requires a TLS certificate and private key. DNS over TLS and DNS over QUIC require a TLS certificate with an IP Address subject alternative name.

```
Usage: dnsproxy <mode> [options]

Modes:
  config    Print out the default configuration to stdout and exit
  server    Start the dnsproxy server
  test      Validate the dnsproxy configuration. Print any errors to stderr. Exits with 0 if valid.

Options:
  -c --config <value>    Specify the path to the config file. Only used in server and test mode.

Signals:
  USR1    Rotate the log file by appending yesterday's date to the file name and start a new file
  USR2    Reload the configuration without restarting the process
```

dnsproxy is configured using a configuration file. To generate a default configuration file, run `dnsproxy config`.

dnsproxy can act as a Zabbix agent. When the `zabbix_server` configuration property is set, it will send the following metrics every minute:

| Item Key | Description |
|---|---|
| `agent.ping` | Will always be 1 so long as dnsproxy is running. |
| `panic.recover` | The number of panics that have been recovered from within the last minute. |
| `query.doh.forward` | The number of DNS over HTTPS queries that have been forwarded. |
| `query.dot.forward` | The number of DNS over TLS queries that have been forwarded. |
| `query.doh.error` | The number of DNS over HTTPS queries that failed. |
| `query.dot.error` | The number of DNS over TLS queries that failed. |

dnsproxy is free and open source software governed by the terms of the GNU General Public License v3.