doh-client is a DNS over HTTPS client, which opens a local UDP (DNS) port and forwards all DNS queries to a remote
HTTP/2.0 server. By default, the client will connect to the Cloudflare DNS service. It uses Tokio
for all asynchronous IO operations and Rustls to connect to the HTTPS server.
doh-client is written in Rust. To build it you need the Rust compiler and build system cargo.
$ cargo build
or to build it as a release build
$ cargo build --release
To run the binary, you need one option (see Options)
$ ./doh-client --cafile /path/to/the/ca/file.pem
For example, if you use Arch Linux then the following command uses the system cert store:
```
```
systemd)To run the doh-client as daemon and without root under Linux with systemd as init system. The following example
will connect to the Cloudflare DNS service.
1. Build the binary see Build.
2. Copy the binary to /usr/local/bin as root:
# cp target/release/doh-client /usr/local/bin/
3. Copy the config files to /etc/systemd/system/ as root:
# cp doh-client.service doh-client.socket /etc/systemd/system
If the location of the binary is different from above then change the path in doh-client.service under ExecStart.
In the config file doh-client.service the path of the CA file is set to
/etc/ca-certificates/extracted/tls-ca-bundle.pem, adjust the path before going further (The path should be correct
if you use Arch Linux).
4. Reload systemd manager configuration:
# systemctl daemon-reload
5. Enable the doh-client as a daemon:
# systemctl enable doh-client
6. Reboot the system or start the daemon manually:
# systemctl start doh-client
7. Adjust the /etc/resolv.conf by add the following line:
nameserver 127.0.0.1
launchd)To run the doh-client as daemon and without root under Mac OS with launchd as init system. The following example
will connect to the Cloudflare DNS service.
1. Build the binary see Build.
2. Copy the binary to /usr/local/bin as root:
# cp target/release/doh-client /usr/local/bin/
3. Copy the launchd config files to /Library/LaunchDaemons/ as root:
# cp com.doh-client.daemon.plist /Library/LaunchDaemons
If the location of the binary is different from above then change the path in com.doh-client.daemon.plist under
ProgramArguments. In the config file com.doh-client.daemon.plist the path of the CA file is set to
/usr/local/share/doh-client/DigiCert_Global_Root_CA.pem, download the pem file under the following
link. Before copy the pem file to
/usr/local/share/doh-client/, make the directory doh-client with mkdir.
4. Load and start the config file as follow:
# launchctl load -w /Library/LaunchDaemons/com.doh-client.daemon.plist
5. Adjust the /etc/resolv.conf by add the following line:
nameserver 127.0.0.1
doh-client has one required option, --cafile which sets the path to a pem file, which contains the trusted CA
certificates.
```
$ ./doh-client --help
DNS over HTTPS client 1.1.2
link.ted@mailbox.org
Open a local UDP (DNS) port and forward DNS queries to a remote HTTP/2.0 server.
By default, the client will connect to the Cloudflare DNS service.
USAGE:
doh-client [FLAGS] [OPTIONS] --cafile
FLAGS: -h, --help Prints help information --listen-activation Use file descriptor 3 under Unix as UDP socket or launchactivatesocket() under Mac OS -v Sets the level of verbosity -V, --version Prints version information
OPTIONS:
-c, --cafile