It's reasonably obvious from various replies to this tweet (https://twitter.com/bentasker/status/1122088753495969793) that there's an appetite for some documentation on how to set up your own ad-blocking DNS over HTTPS (DoH) server.
So, the aim of this task is to spin up a new, publicly accessible server and document the process, with a focus on:
- Blocking ads/trackers by pulling in my adblock lists (https://www.bentasker.co.uk/adblock/)
- Configuring it in such a way that it should be reasonably safe to make publicly available
- (Optionally) making it accessible via an Onion name
As with my initial attempt, I want to have a DoH handler sitting in front of Unbound (which will handle the adblock lists and caching, and forward queries on to an upstream recursor where they cannot be answered locally).
I previously used this DoH server - https://github.com/m13253/dns-over-https - to handle the DoH part, and see no reason not to use it again.
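The Unbound half of that design is mostly config generation: every blocked name becomes a local-zone that Unbound answers with NXDOMAIN itself, and everything else is forwarded. The script below is an added illustration (not the author's tooling, and the list it consumes is a constructed sample rather than one of the real bentasker.co.uk/adblock files). It assumes the list is in hosts-file or bare-domain form, that the upstream recursor address is a placeholder you substitute, and it also emits the interface/access-control lines that keep Unbound itself off the public interface so only the DoH front-end can reach it.

```python
"""Turn an ad/tracker host list into Unbound local-zone directives (added example)."""
import ipaddress
import re

# Constructed sample, not a real list from bentasker.co.uk/adblock: mixes hosts-file
# style entries, bare domains, comments and junk that must never reach unbound.conf.
SAMPLE_LIST = """\
# tracker list (constructed sample)
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net   # inline comment
cdn.ads.example.com
ADS.EXAMPLE.COM.
0.0.0.0 localhost
not a hostname!
"""

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
HOSTS_BOILERPLATE = {"localhost", "localhost.localdomain", "broadcasthost"}


def normalise(line):
    """Lower-case, dot-less hostname from one list line, or None if the line is skipped."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    parts = line.split()
    if len(parts) == 2:                      # hosts-file form: "<sink address> <name>"
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            return None
        name = parts[1]
    elif len(parts) == 1:                    # bare domain form
        name = parts[0]
    else:
        return None
    name = name.lower().rstrip(".")
    if name in HOSTS_BOILERPLATE or "." not in name:
        return None
    if len(name) > 253 or not all(LABEL.match(label) for label in name.split(".")):
        return None                          # refuse anything that is not a valid hostname
    return name


def collapse(names):
    """Drop names already covered by a blocked parent: a local-zone applies to its whole subtree."""
    kept = set()
    for name in sorted(set(names), key=lambda n: n.count(".")):   # parents before children
        labels = name.split(".")
        if any(".".join(labels[i:]) in kept for i in range(1, len(labels))):
            continue
        kept.add(name)
    return sorted(kept)


def unbound_config(list_text, upstream):
    """Emit the unbound.conf fragment: local-only listener, NXDOMAIN zones, forward-zone."""
    names = collapse(filter(None, (normalise(l) for l in list_text.splitlines())))
    lines = [
        "server:",
        "    # only the DoH front-end on this host should be able to query unbound",
        "    interface: 127.0.0.1",
        "    access-control: 127.0.0.1/32 allow",
        "    access-control: 0.0.0.0/0 refuse",
    ]
    lines += [f'    local-zone: "{n}." always_nxdomain' for n in names]
    lines += [
        "forward-zone:",
        '    name: "."',
        f"    forward-addr: {upstream}   # placeholder: your upstream recursor",
    ]
    return "\n".join(lines) + "\n"
```

collapse() matters more than it looks: a list with tens of thousands of subdomains shrinks considerably once a parent zone is already being NXDOMAINed, and the resulting config loads faster.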
The ultimate outcome should be a working server and a step-by-step guide on how to build it. A working Ansible playbook would be a bonus.
However, there is a secondary aspect to this that I'd like to look into (and which should, theoretically, be possible):
I'd like to look into the possibility of writing some Lua to accept DoH requests, translate them into DNS queries (to Unbound) and then translate the response back into something to be returned to the client. That way, I could potentially deploy a DoH service across the entire edge of my personal (and admittedly small) CDN.
I'll raise a subtask for that aspect nearer the time; it's definitely not the primary aim, and is simply being noted here so that I don't forget.
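Whatever language the edge handler ends up in, the translation it has to perform is fixed by RFC 8484, and it is worth seeing the whole cycle once before committing to Lua. The code below is an added Python illustration of that logic, not the author's planned implementation. fake_resolver is a constructed stand-in for Unbound so the example runs offline; udp_resolver is the real forwarding path and assumes Unbound listening on 127.0.0.1:53. The points a front-end gets wrong most often are all in here: the dns= parameter is unpadded base64url, malformed input must be rejected before it reaches the resolver, Cache-Control has to be derived from the shortest TTL in the answer (ignoring the OPT pseudo-record), and a truncated UDP answer must be retried over TCP.

```python
"""DoH <-> DNS translation per RFC 8484 (added illustration, not the author's Lua)."""
import base64
import socket
import struct
import urllib.parse

DNS_CT = "application/dns-message"


def doh_get_param(wire):
    """Client side of a GET: unpadded base64url, as RFC 8484 section 6 requires."""
    return "dns=" + base64.urlsafe_b64encode(wire).decode().rstrip("=")


def decode_doh_request(method, query_string="", body=b"", content_type=""):
    """Extract the DNS wire query from a DoH request; ValueError means answer 4xx."""
    if method == "GET":
        vals = urllib.parse.parse_qs(query_string).get("dns", [])
        if len(vals) != 1:
            raise ValueError("exactly one dns= parameter is required")
        if "=" in vals[0]:
            raise ValueError("dns= must be unpadded base64url")
        wire = base64.urlsafe_b64decode(vals[0] + "=" * (-len(vals[0]) % 4))
    elif method == "POST":
        if content_type != DNS_CT:
            raise ValueError("unsupported media type")
        wire = body
    else:
        raise ValueError("method not allowed")
    if not 12 <= len(wire) <= 65535:        # header is 12 bytes; 64 KiB is the wire limit
        raise ValueError("bad message length")
    return wire


def _skip_name(wire, off):
    """Offset just past a (possibly compressed) domain name starting at off."""
    while True:
        length = wire[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:           # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def min_ttl(wire):
    """Smallest TTL over all RRs, excluding OPT (type 41), whose TTL field carries EDNS flags."""
    qd, an, ns, ar = struct.unpack_from(">HHHH", wire, 4)
    off, ttl = 12, None
    for _ in range(qd):
        off = _skip_name(wire, off) + 4     # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(wire, off)
        rtype, _cls, rr_ttl, rdlen = struct.unpack_from(">HHIH", wire, off)
        off += 10 + rdlen
        if rtype != 41:
            ttl = rr_ttl if ttl is None else min(ttl, rr_ttl)
    return ttl or 0


def encode_doh_response(wire):
    """Status, headers, body for a DNS answer; max-age mirrors the shortest TTL (RFC 8484 s5.1)."""
    headers = {"Content-Type": DNS_CT, "Content-Length": str(len(wire)),
               "Cache-Control": f"max-age={min_ttl(wire)}"}
    return 200, headers, wire


def handle_doh(method, query_string="", body=b"", content_type="", resolve=None):
    """One request cycle: HTTP -> DNS wire -> resolver -> HTTP."""
    try:
        wire = decode_doh_request(method, query_string, body, content_type)
    except ValueError as exc:
        return 400, {"Content-Type": "text/plain"}, str(exc).encode()
    return encode_doh_response(resolve(wire))


def _read_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("short read from resolver")
        buf += chunk
    return buf


def udp_resolver(addr=("127.0.0.1", 53), timeout=2.0):
    """Forward to Unbound (assumed on 127.0.0.1:53) over UDP, retrying over TCP if truncated."""
    def resolve(wire):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(wire, addr)
            resp = s.recv(65535)
        if resp[2] & 0x02:                  # TC bit: the answer did not fit in a UDP datagram
            with socket.create_connection(addr, timeout=timeout) as t:
                t.sendall(struct.pack(">H", len(wire)) + wire)
                (n,) = struct.unpack(">H", _read_exact(t, 2))
                resp = _read_exact(t, n)
        return resp
    return resolve


def build_query(name, qtype=1):
    """Constructed sample query, ID 0 as RFC 8484 recommends so identical queries cache identically."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", 0, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack(">HH", qtype, 1)


def fake_resolver(wire):
    """Constructed stand-in for Unbound: echoes the question, answers two A records (TTL 300 and 120)."""
    rr = lambda ttl, ip: b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    header = wire[:2] + struct.pack(">HHHHH", 0x8180, 1, 2, 0, 0)
    return header + wire[12:] + rr(300, "192.0.2.1") + rr(120, "192.0.2.2")
```

Swapping fake_resolver for udp_resolver() gives you the real thing against a local Unbound; the HTTP plumbing (TLS, the /dns-query route, concurrency) is whatever the edge already provides. Note that the translator never parses the DNS message beyond what it needs for the TTL, so Unbound remains the only component that interprets queries, which keeps the attack surface of the front-end small.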