This is a Python proxy server that accepts DNS queries, encrypts them and relays them to Cloudflare's DNS server over TLS.
./build.sh
Point your client to 172.17.0.2 on port 853. For example:
kdig -d @172.17.0.2 -p 853 example.com
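As an added illustration (not the repository's own code), the relay core such a proxy needs: the 2-byte length framing DNS uses over TCP and TLS, an upstream TLS context that verifies Cloudflare's certificate, and a plain-TCP listener matching the unencrypted client side described in the notes below. The upstream address 1.1.1.1 and the certificate name cloudflare-dns.com are assumptions, not taken from this page.

```python
import socket
import ssl
import struct

UPSTREAM_ADDR = ("1.1.1.1", 853)  # assumed Cloudflare DoT resolver; not stated on the page
UPSTREAM_NAME = "cloudflare-dns.com"  # assumed SNI / certificate name for hostname verification

def frame(msg: bytes) -> bytes:
    """DNS over TCP/TLS prefixes each message with a 2-byte big-endian length (RFC 1035 s4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def unframe(buf: bytes):
    """Return (message, leftover) for the first complete frame in buf, or None if it is incomplete."""
    length = int.from_bytes(buf[:2], "big")
    if len(buf) < 2 + length:
        return None
    return buf[2:2 + length], buf[2 + length:]

def read_framed(sock) -> bytes:
    """Receive until one complete frame arrives; one query per connection, so leftover bytes are dropped."""
    buf = b""
    while (parsed := unframe(buf)) is None:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed connection mid-message")
        buf += chunk
    return parsed[0]

def upstream_context() -> ssl.SSLContext:
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname check, so a spoofed upstream is refused
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def relay(query: bytes) -> bytes:
    """Send one wire-format DNS query to the upstream over TLS and return the wire-format answer."""
    with socket.create_connection(UPSTREAM_ADDR, timeout=5) as raw:
        with upstream_context().wrap_socket(raw, server_hostname=UPSTREAM_NAME) as tls:
            tls.sendall(frame(query))
            answer = read_framed(tls)
    if answer[:2] != query[:2]:  # the transaction ID must echo the query we sent
        raise ValueError("upstream answer does not match query ID")
    return answer

def serve(listen=("0.0.0.0", 853)):
    """Plain-TCP listener (the client side is unencrypted, as the notes say); one query per connection."""
    with socket.create_server(listen) as srv:
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(frame(relay(read_framed(conn))))
```

Call serve() to run the listener; the kdig command above then exercises the full client, proxy and upstream path.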
- The connection between the client and this proxy is not encrypted at all, and is susceptible to man-in-the-middle snooping on the local network.
- This is a good use case for a microservice. It does only one specific thing (arguably two, if you count the encryption), and can easily be scaled horizontally into multiple load-balanced instances, or vertically if we want each proxy to have more processing power for higher throughput. It would be hosted on a small EC2 instance with only port 853 open, accepting connections only from the local subnet or VPC, for other services that require DNS resolution.
- We could cache responses for frequently requested hostnames (respecting each record's TTL).