A simple, fast DNS-over-TLS forwarding server with hybrid LRU/MFA caching written in Go.
The server forwards each query to a user-specified list of upstream DNS-over-TLS servers in parallel, returning and caching the first result received.
The default list of upstream servers is:
- CloudFlare: `one.one.one.one:[email protected]`
- Google: `dns.google:[email protected]`
Other popular upstream servers known to support DNS-over-TLS are:
- Quad9 (filters malware): `dns.quad9.net:[email protected]`
- Quad9 (no filtering): `dns10.quad9.net:[email protected]`
A custom comma-separated list of upstream servers can be specified with the `-s` command line flag.
```text
-a address:port
      address:port to listen on. In order to listen on the loopback interface only, use `127.0.0.1:53`. To listen on any interface, use `:53` (default ":53")
-d    print debug log messages
-em   collect metrics on evictions
-l string
      log file path
-minTTL minTTL
      minimum TTL in seconds to send to clients. If the TTL provided upstream is smaller, minTTL is used. (default 60)
-pprof int
      port to use for pprof debugging. If set to 0 (default) pprof will not be started.
-s string
      comma-separated list of upstream servers (default "one.one.one.one:[email protected],dns.google:[email protected]")
```
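The fan-out behaviour described above (query every upstream in parallel, take the first answer, clamp its TTL to `-minTTL`) is easy to get subtly wrong: a slow or failed upstream must not block the client, and goroutines that lose the race must not leak. The following Go program is an added illustration, not the forwarder's own source. It models an upstream with a small `Resolver` interface and an in-memory fake instead of real TLS connections, assumes that a failed upstream is simply skipped rather than counted as "the first result", and does not reproduce the forwarder's LRU/MFA cache. `ParseUpstreams` only splits the `-s` value on commas; it does not interpret the individual entries.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Answer is the minimal piece of a DNS reply this example cares about.
type Answer struct {
	Source string // which upstream answered (for the demo only)
	RData  string
	TTL    uint32 // seconds, as sent upstream
}

// Resolver is one DNS-over-TLS upstream. The real forwarder talks TLS on port 853;
// here it is an interface so the fan-out logic can be exercised offline.
type Resolver interface {
	Exchange(ctx context.Context, name string) (Answer, error)
}

// ParseUpstreams splits the comma-separated -s value, trims whitespace and
// rejects empty entries, which would otherwise become a silently dead upstream.
func ParseUpstreams(spec string) ([]string, error) {
	var out []string
	for _, s := range strings.Split(spec, ",") {
		s = strings.TrimSpace(s)
		if s == "" {
			return nil, fmt.Errorf("empty upstream entry in %q", spec)
		}
		out = append(out, s)
	}
	return out, nil
}

// Forward queries every upstream concurrently and returns the first successful
// answer with its TTL raised to at least minTTL. Losers are cancelled via ctx,
// and the result channel is buffered so a late responder never blocks forever.
func Forward(ctx context.Context, ups []Resolver, name string, minTTL uint32) (Answer, error) {
	if len(ups) == 0 {
		return Answer{}, errors.New("no upstream servers configured")
	}
	ctx, cancel := context.WithCancel(ctx)
	defer cancel()

	type result struct {
		a   Answer
		err error
	}
	ch := make(chan result, len(ups))
	for _, u := range ups {
		go func(u Resolver) {
			a, err := u.Exchange(ctx, name)
			ch <- result{a, err}
		}(u)
	}

	var firstErr error
	for range ups {
		r := <-ch
		if r.err == nil {
			if r.a.TTL < minTTL {
				r.a.TTL = minTTL // enforce -minTTL before the client sees it
			}
			return r.a, nil
		}
		if firstErr == nil {
			firstErr = r.err
		}
	}
	return Answer{}, fmt.Errorf("all upstreams failed: %w", firstErr)
}

// fakeResolver is a constructed stand-in for a DoT upstream: it answers after
// a fixed delay (or fails), and honours cancellation like a real network call.
type fakeResolver struct {
	name  string
	delay time.Duration
	rdata string
	ttl   uint32
	err   error
}

func (f fakeResolver) Exchange(ctx context.Context, name string) (Answer, error) {
	select {
	case <-time.After(f.delay):
	case <-ctx.Done():
		return Answer{}, ctx.Err()
	}
	if f.err != nil {
		return Answer{}, f.err
	}
	return Answer{Source: f.name, RData: f.rdata, TTL: f.ttl}, nil
}

func main() {
	names, _ := ParseUpstreams("fast-upstream, slow-upstream")
	ups := []Resolver{
		fakeResolver{name: names[0], delay: 10 * time.Millisecond, rdata: "192.0.2.1", ttl: 5},
		fakeResolver{name: names[1], delay: 200 * time.Millisecond, rdata: "192.0.2.1", ttl: 300},
	}
	a, err := Forward(context.Background(), ups, "example.com.", 60)
	fmt.Printf("answer=%+v err=%v\n", a, err)
}
```

Running it shows the answer coming from `fast-upstream` with its 5-second TTL raised to the 60-second floor; if the fast upstream errors instead, the slow one's answer is used, and only when every upstream fails does the client get an error.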
Thanks to @empijei for the great Go mentoring in design and style and several contributions.