feat(dot): PROXY protocol v2 to preserve client IP behind L4 front-end #143

Open
opened 2026-04-24 04:35:39 +08:00 by bcookatpcsd · 2 comments
bcookatpcsd commented 2026-04-24 04:35:39 +08:00 (Migrated from github.com)
```
[doh]
	enabled = true
	port = 4433
	bind_addr = "10.20.0.15"
	# cert_path = "file.crt"
	# key_path = "file.key"
	cert_path = "/etc/lego/certificates/dns.domain.tld.crt"
	key_path = "/etc/lego/certificates/dns.domain.tld.key"
```

Looks like this does not exist..

but dot does?

bcookatpcsd commented 2026-04-24 06:31:02 +08:00 (Migrated from github.com)

Will do dnsdist.. back end not seeing front end IPs is not a problem..

wish list..

  • proxy protocol?
razvandimescu commented 2026-04-25 23:48:29 +08:00 (Migrated from github.com)

In the receipts you can find the DoH over LAN configuration. There is a little bit more work to do for the proxy to be elevated for public requests, hence dnsdist should be the go-to setup for now.

Reference: dearsky/numa#143