DNS-over-TLS configuration to use Cloudflare via the knot-resolver project Docker container.
We use the knot-resolver project.
The Dockerfile uses an "official" Docker container image built by the open source project.
We specify a TLS policy in the config.docker:
policy.add(policy.all(policy.TLS_FORWARD({{'1.1.1.1', hostname='cloudflare-dns.com', ca_file='/data/DigiCertGlobalRootCA.crt' }})))
Since we're using knot-resolver under the hood we can access some metrics from the service:
After running the container, set the IP address of the container host as the DNS server entry on the client you are testing from.
One easy way to test that things are working is to use tcpdump on the host that is performing the DNS resolution (the one hosting the container).
% sudo tcpdump udp port 53
Now we watch to make sure there are no outbound plaintext DNS requests. We should only see inbound DNS lookup requests from the host you're testing from.
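Reading a capture by eye is error-prone, so here is an added example (not part of the original page) that classifies tcpdump lines into expected traffic (client queries to kresd, kresd's encrypted TCP/853 session to Cloudflare) and plaintext port-53 leaks. It assumes `tcpdump -n 'port 53 or port 853'` output rather than the page's `udp port 53` filter, which never shows the DoT session, and it assumes the resolver host is 192.168.1.10; the sample capture is constructed.

```python
"""Audit tcpdump output to confirm kresd only talks to Cloudflare over DoT."""
import re
from collections import Counter

# Assumed values (not from the page): the Docker host's LAN address, the
# upstream named in config.docker, and the DNS-over-TLS port (TCP/853).
RESOLVER_HOST = "192.168.1.10"
DOT_UPSTREAMS = {"1.1.1.1"}
DOT_PORT = 853

# One line of `tcpdump -n` output: "<time> IP <src>.<sport> > <dst>.<dport>: ..."
LINE_RE = re.compile(r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
                     r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): ")

def classify(line: str) -> str:
    """Label one capture line; plaintext DNS not terminating at kresd is a leak."""
    m = LINE_RE.match(line)
    if not m:
        return "unparsed"
    src, dst = m["src"], m["dst"]
    sport, dport = int(m["sport"]), int(m["dport"])
    if dst == RESOLVER_HOST and dport == 53:
        return "client-query"      # LAN client asking our resolver: expected
    if src == RESOLVER_HOST and sport == 53:
        return "client-answer"     # resolver replying to the client: expected
    if (src == RESOLVER_HOST and dst in DOT_UPSTREAMS and dport == DOT_PORT) or \
       (dst == RESOLVER_HOST and src in DOT_UPSTREAMS and sport == DOT_PORT):
        return "dot-upstream"      # encrypted forwarding to Cloudflare: expected
    if dport == 53 or sport == 53:
        return "leak"              # port-53 traffic that bypasses or escapes kresd
    return "other"

def audit(lines):
    """Count each class and return the offending lines for inspection."""
    counts = Counter(classify(l) for l in lines)
    return {"counts": counts, "leaks": [l for l in lines if classify(l) == "leak"]}

# Constructed sample capture using documentation addresses, not a real session.
SAMPLE_CAPTURE = """\
10:15:01.000101 IP 192.168.1.50.51234 > 192.168.1.10.53: 4711+ A? example.com. (29)
10:15:01.000250 IP 192.168.1.10.45678 > 1.1.1.1.853: Flags [P.], seq 1:200, ack 1, win 502, length 199
10:15:01.020410 IP 1.1.1.1.853 > 192.168.1.10.45678: Flags [P.], seq 1:300, ack 200, win 64, length 299
10:15:01.020900 IP 192.168.1.10.53 > 192.168.1.50.51234: 4711 1/0/0 A 203.0.113.7 (45)
10:15:07.300000 IP 192.168.1.10.39001 > 198.51.100.53.53: 60001+ A? leaked.example. (32)
"""

if __name__ == "__main__":
    result = audit(SAMPLE_CAPTURE.splitlines())
    print(dict(result["counts"]))
    for line in result["leaks"]:
        print("LEAK:", line)
```

Feed it a real capture with `sudo tcpdump -n -l 'port 53 or port 853' | python3 audit.py` style piping once you replace SAMPLE_CAPTURE with stdin; a non-empty leak list means the TLS_FORWARD policy is not covering all upstream traffic.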
Try looking at the logs and attaching to the Docker container. Set the knot-resolver container to verbose with verbose(true), either by adding it at the end of config.docker or by attaching to the container with docker attach kresd and typing verbose(true) at the prompt. help() at the REPL will get you more information.