Nowadays, some providers (such as Cloudflare) provide a DNS-over-TLS feature that could let us enhance privacy by encrypting our DNS queries. Our applications don't handle DNS-over-TLS by default. Your task is to design and create a simple DNS to DNS-over-TLS proxy that we could use to enable our application to query a DNS-over-TLS server.
The script dns-over-tls-proxy.py uses the socket and ssl modules to achieve the given task. It creates a socket and binds it on port 12853. It can receive a TCP DNS request on this port and forward it to any DNS provider that supports DNS over TLS.
To build a docker container just run the following command
- docker build -t dns-proxy .
To run the docker container
- docker run -d --name dns-proxy -e DNS_SERVER=1.1.1.1 -e DNS_PORT=853 -p 12853:12853 dns-proxy
To test the setup
- dig @127.0.0.1 -p 12853 +tcp fefe.de
** The environment variables DNS_SERVER and DNS_PORT are mandatory.
The docker container is portable and can be deployed as a replicated service in k8s, swarm etc.
The following improvements can be done to this service:
- The docker image is quite big at ~900 MB. It can reduced by using a python alpine base image.
- Handles a single request at a time.