This PR adds a middleware that talks to dns.google.com over HTTPS, meaning the DNS queries it forwards are encrypted in transit across your ISP and the internet (the resolver at dns.google.com still sees them). The `dns.google.com` address is re-resolved every 30 seconds.
package httpproxy
import (
"crypto/tls"
"net/http"
"time"
"github.com/miekg/dns"
)
// Exchanger is implemented by DNS resolvers that answer queries through an
// HTTPS server.
type Exchanger interface {
	// Exchange takes a DNS message and returns a DNS message or an error.
	// NOTE(review): presumably the argument is the query and the result is the
	// upstream's reply; confirm against the implementations.
	Exchange(query *dns.Msg) (*dns.Msg, error)

	// SetUpstream hands the resolver the upstream it should use and reports
	// failure through the returned error.
	SetUpstream(upstream *simpleUpstream) error

	// OnStartup and OnShutdown look like lifecycle hooks run when the server
	// starts and stops; verify against the callers.
	OnStartup() error
	OnShutdown() error
}
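// newClient returns an HTTP client for talking to a DNS-over-HTTPS upstream.
//
// sni is stored in tls.Config.ServerName, so it is both the name sent in the
// TLS handshake and the name the server certificate is verified against.
// Certificate verification stays enabled: InsecureSkipVerify is never set.
func newClient(sni string) *http.Client {
	// Named tlsConfig rather than tls so the crypto/tls package is not shadowed
	// for the rest of the function.
	tlsConfig := &tls.Config{
		ServerName: sni,
		// Pin the protocol floor explicitly instead of relying on the
		// toolchain default, which was lower than TLS 1.2 before Go 1.18.
		MinVersion: tls.VersionTLS12,
	}

	return &http.Client{
		// Client.Timeout bounds the whole exchange: connecting, the TLS
		// handshake, sending the request and reading the response body.
		Timeout:   timeOut * time.Second,
		Transport: &http.Transport{TLSClientConfig: tlsConfig},
	}
}

// timeOut is the request timeout, in seconds, of clients built by newClient.
const timeOut = 5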