A Simple DoH Server written in PHP with support for Blocklists and Basic Logging
There was a need for being able to spin up a DoH Compatible Server with the ability to capture and or block requests based on the request payload. This Project aims at providing a simple DoH Server that works with basic PHP Servers by limiting the dependencies used so it is highly portable.
The overall design is quite simple:
- Listen for the standard types of DoH requests that pass either a GET param or post a binary payload in DNS Wire Format.
- Attempt to parse the binary payload to determine the requested domain name.
- Check the domain name and determine a DOMAIN_CODE_LEVEL by using publicly available blocklists that are cached to the server for a period of time.
- Optionally save logs about the request to an encrypted file for use later by other systems such as a Notifier.
- If the domain is in a block list then respond with a 0.0.0.0 & :: DNS Response.
- If the domain is allowed, proxy the request to a random DoH Server
- Clone the repo to a PHP server instance
- Point a public domain name at the server.
- Update the passphrase either by setting an ENV variable or updating index.php
- Update the AllowedIdentities array in index.php
- Optionally setup any other options in index.php for your desired use case.
- To setup a DoH client using an apple device just visit your public domain using the following template:
https://<public_domain_name_from_step_2>/<allowed_identity_from_step_4>/<any_device_name_for_your_client_url_encoded>?dl
- Enjoy :)
This project would not have been possible without re-using some MIT Licensed code from the following repos: https://github.com/reactphp/dns