Hi Tina,
Could you please spend your free time to have a check DNS leaking issue when using this script?
I notice when I change the DoH endpoint to my nextDNS DoH link. Instead there should only be NextDNS server for queries, it's going to leak to OpenDNS, YandexDNS, google DNS as well.
I did use YogaDNS for resolving on my windows. Even setting up fix DoH native on Windows 11. Sometimes, it is still leaking to other servers.
I suspect the worker.dev domain might be the culprit in this case but I don't have enough technical knowledge to dig deeply into the issue. Hopefully you can have a quick check.
Notice that I have no DNS leaking when I use directly my nextDNS DoH endpoint with YogaDNS app, not proxy through the workers scripts.
Thank you for you support. Cheers.

If the upstream dns supports ecs, can cf-doh support ecs?

With the recent release of connect() for making outbound TCP connection in Cloudflare Workers, it's technically possible to currently write a forwarding to DoT servers instead DoH, and in the future, once the support for inbound TCP and QUIC is added, also forwarding from DoT & DoQ to any DoH, DoT, and DoQ server.

However, aside from the nonzero effort to learn about the new API and implement them, forwarding DoH GET requests to DoT/DoQ will be slightly more involved than simply forwarding DoH POST to DoT/DoQ, since the URL in DoH GET must be decoded first.

The actual benefit of extending support for DoT & DoQ will be minimal, for outbound, most servers that support DoT & DoQ likely support DoH too, and for inbound, if a government blocks DoH servers, then they likely already block DoT & DoQ entirely by closing down port 853.

Minimal doesn't mean none, Inbound DoT is very practical for Android users due to its native support, and even with an outbound that already supports DoT, using Cloudflare's cert avoids the dilemma in LetsEncrypt where supporting newer Android DoT means abandoning older Android DoT, and vice versa. So if someone creates a pull request about DoT/DoQ support, I will still review it.

Hi Tina,

1. I saw you had updated this repository a few times. To update it, I need to copy the contents from index.js index.js and change my DNS provider and update in the Cloudflare worker section right? Is there anything else I have to do? Because I think the last time when I deployed it, I did it manually.

2. Will it automatically support http/3? I am using nextdns.io, and they recently supported doh3.nextdns.io as their http/3 DNS. But not sure if I have to change anything in the code to make it work.

thanks

CC0 (public domain dedication as a fallback) isn't legal in all jurisdictions (France and Germany from the top of my head) and some FOSS projects (ex: Fedora) and corps (ex: Google) ban CC0-licensed code (as they see it more of a content / art license): https://archive.is/ukIC5

Here's an interesting discussion on suitability of CC0 (does not wavier patent rights) and Unlicense (attempts public domain dedication) for code: https://news.ycombinator.com/item?id=30554087

General recommendation is to use 0BSD / MIT0: https://archive.is/6YgVt

IANAL.

Hello can you please create a tutorial or point me to one on how to add a custom domain to cf pages? I am trying and reading about it but I haven't been successful so far.

I am from CN and wanted to use the NextDNS, but it was always slow. I followed your script and now, it works smoothly. Thank you so much.

Cloudflare Snippets, which limit script size to 32KB, RAM to 2MB, and execution (cpu) time to 5ms (all plenty for a DoH proxy), are literally $0 for any number of requests! This means, anyone can run a public DoH proxy without worrying about bots and costs. Total game changer.

Still in private alpha, but may hit public beta in about 6 months time. Opening this bug so this project switches over to snippets / experiments with it at the very least.

For ref, we are tracking it here: serverless-dns/zero#1