DoH #87

Closed
opened 2026-04-12 21:36:42 +08:00 by mybigman · 6 comments
mybigman commented 2026-04-12 21:36:42 +08:00 (Migrated from github.com)

Noticed on your blog you had the below... can you share how to point it there?

> DoH server — shipped in v0.12.0. POST /dns-query accepts [RFC 8484](https://datatracker.ietf.org/doc/html/rfc8484) wire-format queries, so Firefox/Chrome can point their built-in DoH at Numa.

Tried -

```
http(s)://127.0.0.1/dns-query
http(s)://numa/dns-query
http(s)://numa.numa/dns-query
```
razvandimescu commented 2026-04-12 22:10:39 +08:00 (Migrated from github.com)

The DoH endpoint requires three things to align:

  1. Host header must be numa.numa - will add 127.0.0.1 soon too
  2. HTTPS on port 443 - needs sudo to bind. Without it, the proxy logs proxy: could not bind TLS port 443 (Permission denied) and DoH is disabled entirely.
  3. Browser trusts the self-signed cert — Numa's CA needs to be installed.

Running `sudo numa install` sets it up as your system DNS and adds the CA to your system, and then you could point your browsers to `https://numa.numa/dns-query` (all of the above).

Firefox uses its own certificate store, not the system one. So even after `sudo numa install`, Firefox won't trust Numa's cert unless you either:

  1. Import ca.pem manually in Firefox (Preferences → Certificates → Import)
  2. Or set `security.enterprise_roots.enabled = true` in about:config (tells Firefox to trust system CAs)

Chrome and Safari should work out of the box.

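An added example, not part of the original thread and not Numa's own code: a check of the endpoint outside any browser, so that the TLS trust requirement can be separated from browser DoH settings. It sends the RFC 8484 wire-format POST described above; the URL and the CA file path are taken from the command line and are assumptions about the local setup.

```python
import ssl
import struct
import urllib.error
import urllib.request

def build_query(name: str, qtype: int = 1) -> bytes:
    """RFC 8484 wire-format query: DNS header plus one question, ID 0 as the RFC recommends."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(
        bytes([len(label)]) + label
        for label in name.rstrip(".").encode("ascii").split(b".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE (1 = A), QCLASS IN

def parse_header(message: bytes) -> dict:
    """Extract what is needed to judge a reply: QR bit, RCODE and answer count."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    return {"is_response": bool(flags & 0x8000), "rcode": flags & 0x000F, "answers": ancount}

def doh_post(url: str, name: str, cafile: str) -> dict:
    """POST the query. Only the CA in cafile is trusted, so a cert from any other CA fails."""
    ctx = ssl.create_default_context(cafile=cafile)
    req = urllib.request.Request(
        url, data=build_query(name), method="POST",
        headers={"Content-Type": "application/dns-message",
                 "Accept": "application/dns-message"},
    )
    with urllib.request.urlopen(req, context=ctx, timeout=5) as resp:
        return parse_header(resp.read())

if __name__ == "__main__":
    import sys
    # Assumed invocation: python3 doh_check.py https://numa.numa/dns-query /path/to/ca.pem
    try:
        print(doh_post(sys.argv[1], "example.com", sys.argv[2]))
    except urllib.error.URLError as e:
        # urllib wraps TLS failures, so the certificate error is in e.reason
        if isinstance(e.reason, ssl.SSLCertVerificationError):
            print("TLS certificate not trusted by the given CA file:", e.reason)
        else:
            print("request failed:", e.reason)
```

A certificate error here points at the CA trust requirement, while a connection error points at the listener on port 443 not being bound.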
mybigman commented 2026-04-12 22:23:36 +08:00 (Migrated from github.com)

Thanks... I did use `sudo numa install`.

I am using the Opera browser, which is using Chrome under the hood, but it doesn't work. Using Chrome itself does work.

It's like Opera is expecting a valid .tld :/

Image

and when you browse a site.

Image
razvandimescu commented 2026-04-13 06:07:36 +08:00 (Migrated from github.com)

With version 0.13.0 there should be no issues with https://127.0.0.1/dns-query on Opera. Let me know.

mybigman commented 2026-04-13 14:31:01 +08:00 (Migrated from github.com)

Thanks for that, unfortunately it does not work... I guess we can't do anything here?

razvandimescu commented 2026-04-13 14:53:38 +08:00 (Migrated from github.com)

@mybigman On my Mac, I tried setting it up like this (Opera fully closed) and I can see queries in the dashboard, so it's working. Can you confirm you're on version 13? `numa --version`

```
python3 -c "
import json, os
# Opera profile-wide settings file on macOS; edit it only while Opera is fully closed
path = os.path.join(os.path.expanduser('~'), 'Library/Application Support/com.operasoftware.Opera/Local State')
with open(path) as f: state = json.load(f)
# Keep any existing DoH keys, then set the mode and point the template at Numa
state['dns_over_https'] = {**state.get('dns_over_https', {}), 'mode': 'automatic', 'templates': 'https://127.0.0.1/dns-query'}
with open(path, 'w') as f: json.dump(state, f, indent=3)
print('Done — restart Opera')
"
```
mybigman commented 2026-04-13 15:26:17 +08:00 (Migrated from github.com)

I rebooted my machine and it's working now... very odd... thanks for your support

Reference: dearsky/numa#87