[Dnsmasq-discuss] Forwarding UDP requests to TCP, some other concerns

Buck Horn buckhorn at weibsvolk.org
Mon Aug 19 18:12:51 UTC 2024


On 19.08.24 18:38, Corey Minyard wrote:
> On Mon, Aug 19, 2024 at 8:58 AM Buck Horn via Dnsmasq-discuss
> <dnsmasq-discuss at lists.thekelleys.org.uk> wrote:
>
>     It's not entirely clear from your description, but if your goal would be
>     to have dnsmasq forward DNS requests to a DoT server, then dnsmasq can't
>     do that: It fully supports DNS (port 53 UDP/TCP), but does not support
>     DoT (port 853 TCP) at all. You would need a DoT proxy between dnsmasq
>     and your DoT server for that use case.
>
>
> That's my overall goal, but I have stunnel which will take a TCP
> connection and forward it over TLS.  It would be nice if dnsmasq would
> support DoT, but I'm ok that it doesn't.  bind doesn't, either.


I see - so your dnsmasq TCP requirement is introduced by your choice of
stunnel?

But stunnel isn't a DoT proxy, it is a TLS proxy wrapper, and as such,
would lack UDP support, somewhat naturally employing TCP only.

A proper DoT proxy would have to support UDP as well as TCP, as both
protocols are mandatory for DNS.

Instead of trying to find some bandaid for dnsmasq, I'd recommend
considering a proper DoT/DoX proxy instead (e.g. AdguardTeam/dnsproxy).
Or if you already happen to run nginx, I believe that could also be
configured to act as a DNS-to-DoT gateway.

Kind regards,

        Buck
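The point made above (dnsmasq forwards over plain UDP/TCP, stunnel only carries TCP, and a real DoT proxy has to accept both and translate them onto the length-prefixed TLS stream) is illustrated by the following minimal forwarder. It is an added example written for this page, not code from dnsmasq, stunnel or dnsproxy. The listen address, the upstream name `dot.example.invalid` and the function names are assumptions; point dnsmasq at it with `server=127.0.0.1#5353`. The framing helpers (`frame_tcp`, `unframe_tcp`, `truncate_for_udp`) and `forward_udp_query` run offline; `query_dot` is the only part that opens a network connection.

```python
"""Minimal DNS (UDP and TCP) to DoT (TLS, port 853) forwarder, added example."""
import socket
import ssl
import struct
import threading

# Assumed values: a local listener that dnsmasq is pointed at, and a
# placeholder upstream name (not a real DoT server).
LISTEN_ADDR = ("127.0.0.1", 5353)
DOT_UPSTREAM = ("dot.example.invalid", 853)
DOT_SERVER_NAME = "dot.example.invalid"

# RFC 1035 payload limit for plain UDP; a client advertising an EDNS
# buffer size may accept more, which a fuller proxy would honour.
MAX_UDP_PAYLOAD = 512


def frame_tcp(message: bytes) -> bytes:
    """Prefix a DNS message with the 2-byte big-endian length used by
    DNS over TCP (RFC 1035 4.2.2) and, unchanged, by DoT (RFC 7858)."""
    if len(message) > 0xFFFF:
        raise ValueError("DNS message too large for TCP framing")
    return struct.pack("!H", len(message)) + message


def unframe_tcp(stream: bytes) -> tuple[bytes, bytes]:
    """Split one length-prefixed message off the front of a TCP byte stream.
    Returns (message, remainder); raises ValueError if the stream is short."""
    if len(stream) < 2:
        raise ValueError("need at least 2 bytes for the length prefix")
    (length,) = struct.unpack("!H", stream[:2])
    if len(stream) < 2 + length:
        raise ValueError("incomplete message in stream")
    return stream[2:2 + length], stream[2 + length:]


def truncate_for_udp(response: bytes, limit: int = MAX_UDP_PAYLOAD) -> bytes:
    """A TCP/DoT answer may not fit the client's UDP datagram. Keep the
    12-byte header, set TC=1 and drop every record, so the client (dnsmasq
    included) retries the query over TCP."""
    if len(response) <= limit:
        return response
    header = bytearray(response[:12])
    header[2] |= 0x02            # TC is bit 1 of the high flags byte
    header[4:12] = bytes(8)      # QD/AN/NS/AR counts become 0: nothing left
    return bytes(header)


def recv_exact(sock, n: int) -> bytes:
    """Read exactly n bytes from a stream socket or raise."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("upstream closed connection")
        buf += chunk
    return buf


def query_dot(message: bytes, upstream=DOT_UPSTREAM,
              server_name=DOT_SERVER_NAME) -> bytes:
    """Send one framed query over TLS and return the unframed answer.
    create_default_context() verifies the upstream certificate chain and
    hostname, which is the whole point of DoT over plain port 53."""
    ctx = ssl.create_default_context()
    with socket.create_connection(upstream, timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            tls.sendall(frame_tcp(message))
            (length,) = struct.unpack("!H", recv_exact(tls, 2))
            return recv_exact(tls, length)


def forward_udp_query(query: bytes, resolve=query_dot,
                      limit: int = MAX_UDP_PAYLOAD) -> bytes:
    """UDP side: datagram in, TLS round trip, datagram-sized answer out."""
    return truncate_for_udp(resolve(query), limit)


def serve_udp(listen=LISTEN_ADDR):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(listen)
        while True:
            query, client = s.recvfrom(4096)
            try:
                s.sendto(forward_udp_query(query), client)
            except (OSError, ValueError):
                pass                 # drop; the client times out and retries


def serve_tcp(listen=LISTEN_ADDR):
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(listen)
        s.listen()
        while True:
            conn, _ = s.accept()
            with conn:
                try:
                    (length,) = struct.unpack("!H", recv_exact(conn, 2))
                    conn.sendall(frame_tcp(query_dot(recv_exact(conn, length))))
                except (OSError, ValueError):
                    pass


if __name__ == "__main__":
    threading.Thread(target=serve_tcp, daemon=True).start()
    serve_udp()
```

The TCP path needs no translation at all (same framing on both sides), which is why stunnel alone suffices for TCP; the UDP path is the part stunnel cannot do, and the truncation step is what keeps a large DoT answer from silently overflowing the client's datagram.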