ns2dohd is a local DNS-to-DoH gateway daemon.
It listens on 127.0.0.1:53 (by default), accepts classic DNS requests, and forwards them to a trusted DoH endpoint using wolfSSL + nghttp2.
Build requirements: gcc or clang, make, wolfSSL, nghttp2.
- Build binaries:
make build- Install binaries and manpages (default prefix
/usr/local):
sudo make installYou can override installation paths, for example:
sudo make install PREFIX=/usrRun as root to bind port 53, then drop privileges using -u:
ns2dohd -d https://dns.dyne.org/dns-query -u nobodyns2dohd daemonizes by default. Use -F to stay in foreground.
Common options:
-d <https://...>DoH endpoint URL (mandatory)-Oenable ODoH client mode--odoh-proxy <https://...>ODoH proxy URL (required with-O)--odoh-config <file>binary target ODoH config file (required with-O)-p <port>local UDP port (default:53)-u <user>drop privileges after bind-r <resolver_ip>bootstrap resolver used to resolve the DoH endpoint host (default:1.1.1.1)-A <cafile>custom CA bundle-Fforeground mode-vverbose logs
See full options with:
ns2dohd -h
man ns2dohdTo use ns2dohd as your host DNS resolver, configure your system DNS to point to localhost.
Set:
nameserver 127.0.0.1
Set 127.0.0.1 as the primary DNS server in your active network profile, then reconnect.
After either configuration, keep ns2dohd running as a background daemon as root (with -u recommended).
Notes:
ns2dohduses a separate bootstrap resolver (default1.1.1.1) for resolving the DoH endpoint hostname, avoiding resolver recursion.- Change bootstrap resolver with
-r, for example-r 9.9.9.9. - In ODoH mode, the
-dendpoint is the target resolver and is automatically passed to the proxy astargethostandtargetpath.
Do not treat a same-host or same-organization proxy+target deployment as private ODoH operation. The ODoH threat model assumes independent proxy and target operators.
Local co-location is only suitable for protocol evaluation and debugging.
This is free software distributed under the GNU Affero General Public License (AGPLv3).
Author: Dyne.org Foundation <info@dyne.org>
