a 2024-08-03 14:19:38 -05:00
parent f178ffe732
commit 1040c0831a
Signed by: a
GPG Key ID: 374BC539FE795AF0
3 changed files with 154 additions and 23 deletions

ansible/\ Normal file

@ -0,0 +1,106 @@
<!doctype html>
<html>
<head>
<title>mydns</title>
<link rel="apple-touch-icon" sizes="180x180" href="/static/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="/static/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/static/favicon-16x16.png">
<link rel="manifest" href="/static/site.webmanifest">
<link rel="stylesheet" href="/static/normalize.css" type="text/css">
<link rel="stylesheet" href="/static/tacit.min.css" type="text/css">
</head>
<body>
<section>
<header>
<nav>
<h1>mydns.gay</h1>
</nav>
</header>
<article>
<p>
this is my anonymous dns server. you are free to use it, but just letting you know, this is mine, so it only really has features i care about.
</p>
<p>
the only thing i record are long-term metrics, for the health of the service.
</p>
<p>
it's meant to preserve my privacy (along with anyone who is using its).
in large, my goal is to avoid my dns data being sold to advertisers.
</p>
</article>
<article>
<h3>endpoints</h3>
<p>
<table>
<tbody>
<tr>
<th>type</th>
<th>endpoint</th>
<th>additional info</th>
</tr>
<tr>
<td>
DoH/DoH3
</td>
<td>
<code>https://mydns.gay/dns-query</code>
</td>
<td>
via ip4/ ipv6.
</td>
</tr>
<tr>
<td>
DNS / DoT (IPv4)
</td>
<td>
<code>172.232.13.191</code>
</td>
<td>
SNI for TLS is <code>mydns.gay</code>
</td>
</tr>
</tbody>
<tr>
<td>
DNS / DoT (IPv6)
</td>
<td>
<code> 2600:3c06::f03c:94ff:fe68:afad</code>
</td>
<td>
SNI for TLS is <code>mydns.gay</code>
</td>
</tr>
</table>
</p>
</article>
<!--
<article>
<h3>information</h3>
</article>
-->
<article>
<h3>information</h3>
<p>
the server is in linode ORD datacenter. if i believe that linode one day is unfit to run this service, i will switch.
</p>
<p>
i'm really lazy, so the truth is, this is made from patching together a bunch of open source tools
<ul>
<li><a href="https://github.com/caddyserver/caddy">caddy (https routing, H3)</a></li>
<li><a href="https://github.com/PowerDNS/pdns">dnsdist (dns load balancer)</a></li>
<li><a href="https://github.com/semihalev/sdns">sdns (recursive resolver)</a></li>
<li><a href="https://github.com/ansible/ansible">ansible (setup & config management)</a></li>
<li><a href="https://debian.org">debian (host)</a></li>
<li><a href="https://github.com/VictoriaMetrics/VictoriaMetrics">victoriametrics (metrics)</a></li>
<li><a href="https://github.com/prometheus/prometheus">prometheus (metrics)</a></li>
<li><a href="https://github.com/grafana/grafana">grafana (metrics)</a></li>
</ul>
</p>
</article>
</section>
</body>
</html>
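Review bot: the path of this new file is rendered as `ansible/\`, a name ending in a backslash, and its body is a complete copy of the mydns landing page, so it looks like an accidental editor save rather than an intended addition; confirm that and drop it from the commit if so. If the file is meant to stay, the IPv6 row sits after `</tbody>`, so the closing tag should move below that row, and the `&` in "setup & config management" should be written `&amp;`.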


@ -20,21 +20,13 @@
<p> <p>
this is my anonymous dns server. you are free to use it, but just letting you know, this is mine, so it only really has features i care about. this is my anonymous dns server. you are free to use it, but just letting you know, this is mine, so it only really has features i care about.
</p> </p>
<p>
the only thing i record are long-term metrics, for the health of the service.
</p>
<p> <p>
it's meant to preserve my privacy (along with anyone who is using its). it's meant to preserve my privacy (along with anyone who is using its).
in large, my goal is to avoid my dns data being sold to advertisers. in large, my goal is to avoid my dns data being sold to advertisers.
</p> </p>
<p>
the only thing i record are long-term metrics, for the health of the service.
the server is in linode ORD datacenter. if i believe that linode one day is unfit to run this service, i will switch.
</p>
<p>
software used: <ul>
<li><a href="https://github.com/ansible/ansible">ansible</a></li>
<li><a href="https://github.com/PowerDNS/pdns">dnsdist</a></li>
</ul>
</p>
</article> </article>
<article> <article>
<h3>endpoints</h3> <h3>endpoints</h3>
@ -54,42 +46,48 @@
<code>https://mydns.gay/dns-query</code> <code>https://mydns.gay/dns-query</code>
</td> </td>
<td> <td>
via ip4, ipv6. TLS powered by <a href="https://github.com/caddyserver/caddy">caddy</a> via ip4/ipv6.
</td> </td>
</tr> </tr>
<tr> <tr>
<td> <td>
DNS DNS (IPv4)
</td> </td>
<td> <td>
<code>172.232.13.191</code> / <code>mydns.gay</code> <code>172.232.13.191</code>
</td> </td>
<td> <td>
port 53
</td> </td>
</tr> </tr>
<tr> <tr>
<td> <td>
DNS (ipv6) DNS (IPv6)
</td> </td>
<td> <td>
<code> <code>[2600:3c06::f03c:94ff:fe68:afad]</code>
2600:3c06::f03c:94ff:fe68:afad
</code> / <code>mydns.gay</code>
</td> </td>
<td> <td>
port 53
</td> </td>
</tr> </tr>
<td>
DNS over TLS/DoQ (IPv4)
</td>
<td>
<code>172.232.13.191:853</code>
</td>
<td>
SNI for TLS is <code>mydns.gay</code>
</td>
</tr>
<tr> <tr>
<td> <td>
DoT DNS over TLS/DoQ (IPv6)
</td> </td>
<td> <td>
<code>172.232.13.191:853</code> / <code>mydns.gay:853</code> <code>[2600:3c06::f03c:94ff:fe68:afad]:853</code>
</td> </td>
<td> <td>
Dns over TLS SNI for TLS is <code>mydns.gay</code>
</td> </td>
</tr> </tr>
</tbody> </tbody>
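Review bot: the added "DNS over TLS/DoQ (IPv4)" row has no opening `<tr>`; it starts at `<td>` right after the previous row's `</tr>` and then closes with a `</tr>` of its own. Add the `<tr>` before that first `<td>`. The plain DNS (IPv6) cell also now shows the address in brackets with no port; brackets are only needed when a port follows, and a value pasted into resolver settings usually has to be the bare address.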
@ -101,6 +99,27 @@
<h3>information</h3> <h3>information</h3>
</article> </article>
--> -->
<article>
<h3>information</h3>
<p>
the server is in linode ORD datacenter. if i believe that linode one day is unfit to run this service, i will switch.
</p>
<p>
i'm really lazy, so the truth is, this is made from patching together a bunch of open source tools
<ul>
<li><a href="https://github.com/caddyserver/caddy">caddy (https routing, H3)</a></li>
<li><a href="https://github.com/PowerDNS/pdns">dnsdist (dns load balancer)</a></li>
<li><a href="https://github.com/semihalev/sdns">sdns (recursive resolver)</a></li>
<li><a href="https://github.com/ansible/ansible">ansible (setup & config management)</a></li>
<li><a href="https://debian.org">debian (host)</a></li>
<li><a href="https://github.com/VictoriaMetrics/VictoriaMetrics">victoriametrics (metrics)</a></li>
<li><a href="https://github.com/prometheus/prometheus">prometheus (metrics)</a></li>
<li><a href="https://github.com/grafana/grafana">grafana (metrics)</a></li>
</ul>
</p>
</article>
</section> </section>
</body> </body>
</html> </html>
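Review bot: the tool list is a `<ul>` nested inside a `<p>`, which HTML does not allow, so the parser ends the paragraph before the list and the trailing `</p>` is left as a stray tag; close the `<p>` after the "open source tools" sentence and let the list stand on its own. In the ansible item the ampersand should be written `&amp;`. The commented-out information article in the context lines just above is superseded by this block and can be deleted.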


@ -22,9 +22,15 @@ addAction(MaxQPSIPRule(5, 32, 48, 20), DelayAction(100))
webserver("127.0.0.1:6060") webserver("127.0.0.1:6060")
setWebserverConfig({ statsRequireAuthentication=false }) setWebserverConfig({ statsRequireAuthentication=false })
setLocal("0.0.0.0:53") setLocal("0.0.0.0:53")
-- proxied by caddy
addDOHLocal("127.0.0.1:8053", nil, nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true }) addDOHLocal("127.0.0.1:8053", nil, nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
addTLSLocal('0.0.0.0:853', tls_cert_crt, tls_cert_key) addTLSLocal('0.0.0.0:853', tls_cert_crt, tls_cert_key)
addTLSLocal('[::]:853', tls_cert_crt, tls_cert_key) addTLSLocal('[::]:853', tls_cert_crt, tls_cert_key)
addDOQLocal('0.0.0.0:853', tls_cert_crt, tls_cert_key)
addDOQLocal('[::]:853', tls_cert_crt, tls_cert_key)
addACL('0.0.0.0/0') addACL('0.0.0.0/0')
addACL('::/0') addACL('::/0')
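Review bot: the only plain-DNS listener visible in this hunk is `setLocal("0.0.0.0:53")`, while the endpoints table changed in the same commit advertises DNS (IPv6) on port 53; if no IPv6 listener for port 53 is declared elsewhere in the file, add one or drop that row. The new `addDOQLocal` lines reuse port 853 over UDP next to the TCP `addTLSLocal` listeners, so the host firewall needs UDP 853 opened as well, and a short comment saying so would match the "proxied by caddy" comment added above. With `addACL('0.0.0.0/0')` and `addACL('::/0')` the UDP port 53 listener is an open resolver, and the only limit shown is the `MaxQPSIPRule` paired with `DelayAction(100)` in the hunk header, which delays instead of refusing; consider dropping or truncating over-limit UDP queries so the service is less useful for reflection.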