[Dnsmasq-discuss] Forwarding UDP requests to TCP, some other concerns

Corey Minyard corey at minyard.net
Mon Aug 19 19:38:35 UTC 2024


On Mon, Aug 19, 2024 at 1:56 PM Buck Horn via Dnsmasq-discuss
<dnsmasq-discuss at lists.thekelleys.org.uk> wrote:
>
> On 19.08.24 18:38, Corey Minyard wrote:
>
> On Mon, Aug 19, 2024 at 8:58 AM Buck Horn via Dnsmasq-discuss <dnsmasq-discuss at lists.thekelleys.org.uk> wrote:
>>
>> It's not entirely clear from your description, but if your goal would be
>> to have dnsmasq forward DNS requests to a DoT server, then dnsmasq can't
>> do that: It fully supports DNS (port 53 UDP/TCP), but does not support
>> DoT (port 853 TCP) at all. You would need a DoT proxy between dnsmasq
>> and your DoT server for that use case.
>
>
> That's my overall goal, but I have stunnel which will take a TCP connection and forward it over TLS.  It would be nice if dnsmasq would support DoT, but I'm ok that it doesn't.  bind doesn't, either.
>
>
> I see -  so your dnsmasq TCP requirement is introduced by your choice of stunnel?
>
> But stunnel isn't a DoT proxy, it is a TLS proxy wrapper, and as such, would lack UDP support, somewhat naturally employing TCP only.
>
> A proper DoT proxy would have to support UDP as well as TCP, as both protocols are mandatory for DNS.
>
> Instead of trying to find some bandaid for dnsmasq, I'd recommend considering a proper DoT/DoX proxy instead (e.g. AdguardTeam/dnsproxy). Or if you would already happen to run nginx, I believe that could also be configured to act as a DNS-to-DoT gateway.

Ah, that's what I was looking for.  I searched and for some reason
these didn't show up; I got some things that were woefully inadequate.
One of these should do what I'm looking for.

Thanks,

-corey

>
> Kind regards,
>
>        Buck
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
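
The gap discussed in this thread, shown as an added example (not code from either poster, dnsmasq, or stunnel): a UDP DNS query has to be re-framed with a 2-byte length prefix before it can travel over TCP (and therefore over a TLS wrapper), and a TCP reply that is too large for UDP has to be turned into a truncated (TC=1) stub so the client retries over TCP. The `upstream` address, the 512-byte limit (a client without EDNS0) and the single-question layout are assumptions.

```python
import socket
import struct

MAX_UDP = 512  # assumed: classic DNS-over-UDP limit for a client without EDNS0

def frame_for_tcp(msg: bytes) -> bytes:
    """DNS over TCP (and so DoT) prefixes each message with a 2-byte length."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too large for TCP framing")
    return struct.pack("!H", len(msg)) + msg

def _read_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:  # TCP is a byte stream: one recv() may return a fragment
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("upstream closed mid-message")
        buf += chunk
    return buf

def read_tcp_message(sock: socket.socket) -> bytes:
    """Read one length-prefixed DNS message from a TCP (or TLS-wrapped) stream."""
    (length,) = struct.unpack("!H", _read_exact(sock, 2))
    return _read_exact(sock, length)

def fit_udp_reply(reply: bytes, limit: int = MAX_UDP) -> bytes:
    """Pass replies that fit; turn oversized ones into a TC=1 stub."""
    if len(reply) <= limit:
        return reply
    pos = 12  # skip the fixed header, then walk the QNAME (assumes one question)
    while reply[pos] != 0:
        pos += 1 + reply[pos]
    pos += 1 + 4  # root label, QTYPE, QCLASS
    ident, flags, qdcount = struct.unpack("!HHH", reply[:6])
    # Set TC (0x0200), keep the question, zero answer/authority/additional counts.
    header = struct.pack("!HHHHHH", ident, flags | 0x0200, qdcount, 0, 0, 0)
    return header + reply[12:pos]

def relay_once(udp_sock: socket.socket, upstream: tuple) -> None:
    """Forward one UDP query to a TCP listener and answer the client over UDP."""
    query, client = udp_sock.recvfrom(4096)
    with socket.create_connection(upstream, timeout=5) as tcp:
        tcp.sendall(frame_for_tcp(query))
        udp_sock.sendto(fit_udp_reply(read_tcp_message(tcp)), client)
```

A client that receives the TC=1 stub retries the query over TCP, which is why a DNS-to-DoT gateway needs a TCP listener next to the UDP one.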


