noot

2024-08-03 14:19:38 -05:00 · 2024-08-03 14:19:38 -05:00 · 1040c0831a
parent f178ffe732
commit 1040c0831a
3 changed files with 154 additions and 23 deletions
--- a/ansible/\
+++ b/ansible/\
@ -0,0 +1,106 @@
+<!doctype html>
+<html>
+  <head>
+    <title>mydns</title>
+    <link rel="apple-touch-icon" sizes="180x180" href="/static/apple-touch-icon.png">
+    <link rel="icon" type="image/png" sizes="32x32" href="/static/favicon-32x32.png">
+    <link rel="icon" type="image/png" sizes="16x16" href="/static/favicon-16x16.png">
+    <link rel="manifest" href="/static/site.webmanifest">
+    <link rel="stylesheet" href="/static/normalize.css" type="text/css">
+    <link rel="stylesheet" href="/static/tacit.min.css" type="text/css">
+  </head>
+  <body>
+    <section>
+      <header>
+        <nav>
+          <h1>mydns.gay</h1>
+        </nav>
+      </header>
+      <article>
+        <p>
+          this is my anonymous dns server. you are free to use it, but just letting you know, this is mine, so it only really has features i care about.
+        </p>
+        <p>
+          the only thing i record are long-term metrics, for the health of the service.
+        </p>
+        <p>
+          it's meant to preserve my privacy (along with anyone who is using its).
+          in large, my goal is to avoid my dns data being sold to advertisers.
+        </p>
+      </article>
+      <article>
+        <h3>endpoints</h3>
+        <p>
+          <table>
+            <tbody>
+              <tr>
+                <th>type</th>
+                <th>endpoint</th>
+                <th>additional info</th>
+              </tr>
+              <tr>
+                <td>
+                  DoH/DoH3
+                </td>
+                <td>
+                  <code>https://mydns.gay/dns-query</code>
+                </td>
+                <td>
+                  via ip4/ ipv6.
+                </td>
+              </tr>
+              <tr>
+                <td>
+                  DNS / DoT (IPv4)
+                </td>
+                <td>
+                  <code>172.232.13.191</code>
+                </td>
+                <td>
+                  SNI for TLS is <code>mydns.gay</code>
+                </td>
+              </tr>
+            </tbody>
+              <tr>
+                <td>
+                  DNS / DoT (IPv6)
+                </td>
+                <td>
+                  <code> 2600:3c06::f03c:94ff:fe68:afad</code>
+                </td>
+                <td>
+                  SNI for TLS is <code>mydns.gay</code>
+                </td>
+              </tr>
+          </table>
+        </p>
+      </article>
+      <!--
+        <article>
+        <h3>information</h3>
+        </article>
+      -->
+      <article>
+        <h3>information</h3>
+        <p>
+          the server is in linode ORD datacenter. if i believe that linode one day is unfit to run this service, i will switch.
+        </p>
+        <p>
+          i'm really lazy, so the truth is, this is made from patching together a bunch of open source tools
+          <ul>
+            <li><a href="https://github.com/caddyserver/caddy">caddy (https routing, H3)</a></li>
+            <li><a href="https://github.com/PowerDNS/pdns">dnsdist (dns load balancer)</a></li>
+            <li><a href="https://github.com/semihalev/sdns">sdns (recursive resolver)</a></li>
+            <li><a href="https://github.com/ansible/ansible">ansible (setup & config management)</a></li>
+            <li><a href="https://debian.org">debian (host)</a></li>
+            <li><a href="https://github.com/VictoriaMetrics/VictoriaMetrics">victoriametrics (metrics)</a></li>
+            <li><a href="https://github.com/prometheus/prometheus">prometheus (metrics)</a></li>
+            <li><a href="https://github.com/grafana/grafana">grafana (metrics)</a></li>
+          </ul>
+        </p>
+
+      </article>
+    </section>
+
+  </body>
+</html>
--- a/ansible/assets/index.html
+++ b/ansible/assets/index.html
@ -20,21 +20,13 @@
        <p>
          this is my anonymous dns server. you are free to use it, but just letting you know, this is mine, so it only really has features i care about.
        </p>
+        <p>
+          the only thing i record are long-term metrics, for the health of the service.
+        </p>
        <p>
          it's meant to preserve my privacy (along with anyone who is using its).
          in large, my goal is to avoid my dns data being sold to advertisers.
        </p>
-        <p>
-          the only thing i record are long-term metrics, for the health of the service.
-
-          the server is in linode ORD datacenter. if i believe that linode one day is unfit to run this service, i will switch.
-        </p>
-        <p>
-          software used:  <ul>
-            <li><a href="https://github.com/ansible/ansible">ansible</a></li>
-            <li><a href="https://github.com/PowerDNS/pdns">dnsdist</a></li>
-          </ul>
-        </p>
      </article>
      <article>
        <h3>endpoints</h3>
@ -54,42 +46,48 @@
                  <code>https://mydns.gay/dns-query</code>
                </td>
                <td>
-                  via ip4, ipv6. TLS powered by  <a href="https://github.com/caddyserver/caddy">caddy</a>
+                  via ip4/ipv6.
                </td>
              </tr>
              <tr>
                <td>
-                  DNS
+                  DNS (IPv4)
                </td>
                <td>
-                  <code>172.232.13.191</code> / <code>mydns.gay</code>
+                  <code>172.232.13.191</code>
                </td>
                <td>
-                  port 53
                </td>
              </tr>
              <tr>
                <td>
-                  DNS (ipv6)
+                  DNS (IPv6)
                </td>
                <td>
-                  <code>
-                    2600:3c06::f03c:94ff:fe68:afad
-                  </code> / <code>mydns.gay</code>
+                  <code>[2600:3c06::f03c:94ff:fe68:afad]</code>
                </td>
                <td>
-                  port 53
                </td>
              </tr>
+              <td>
+                DNS over TLS/DoQ (IPv4)
+              </td>
+              <td>
+                <code>172.232.13.191:853</code>
+              </td>
+              <td>
+                SNI for TLS is <code>mydns.gay</code>
+              </td>
+              </tr>
              <tr>
                <td>
-                  DoT
+                  DNS over TLS/DoQ (IPv6)
                </td>
                <td>
-                  <code>172.232.13.191:853</code> / <code>mydns.gay:853</code>
+                  <code>[2600:3c06::f03c:94ff:fe68:afad]:853</code>
                </td>
                <td>
-                  Dns over TLS
+                  SNI for TLS is <code>mydns.gay</code>
                </td>
              </tr>
            </tbody>
@ -101,6 +99,27 @@
        <h3>information</h3>
        </article>
      -->
+      <article>
+        <h3>information</h3>
+        <p>
+          the server is in linode ORD datacenter. if i believe that linode one day is unfit to run this service, i will switch.
+        </p>
+        <p>
+          i'm really lazy, so the truth is, this is made from patching together a bunch of open source tools
+          <ul>
+            <li><a href="https://github.com/caddyserver/caddy">caddy (https routing, H3)</a></li>
+            <li><a href="https://github.com/PowerDNS/pdns">dnsdist (dns load balancer)</a></li>
+            <li><a href="https://github.com/semihalev/sdns">sdns (recursive resolver)</a></li>
+            <li><a href="https://github.com/ansible/ansible">ansible (setup & config management)</a></li>
+            <li><a href="https://debian.org">debian (host)</a></li>
+            <li><a href="https://github.com/VictoriaMetrics/VictoriaMetrics">victoriametrics (metrics)</a></li>
+            <li><a href="https://github.com/prometheus/prometheus">prometheus (metrics)</a></li>
+            <li><a href="https://github.com/grafana/grafana">grafana (metrics)</a></li>
+          </ul>
+        </p>
+
+      </article>
    </section>
+
  </body>
 </html>
--- a/ansible/files/dnsdist.conf
+++ b/ansible/files/dnsdist.conf
@ -22,9 +22,15 @@ addAction(MaxQPSIPRule(5, 32, 48, 20), DelayAction(100))
 webserver("127.0.0.1:6060")
 setWebserverConfig({ statsRequireAuthentication=false })
 setLocal("0.0.0.0:53")
+
+-- proxied by caddy
 addDOHLocal("127.0.0.1:8053", nil, nil, "/dns-query", { reusePort=true, trustForwardedForHeader=true })
+
 addTLSLocal('0.0.0.0:853', tls_cert_crt, tls_cert_key)
 addTLSLocal('[::]:853', tls_cert_crt, tls_cert_key)

+addDOQLocal('0.0.0.0:853', tls_cert_crt, tls_cert_key)
+addDOQLocal('[::]:853', tls_cert_crt, tls_cert_key)
+
 addACL('0.0.0.0/0')
 addACL('::/0')