From 5a765dc7f90c2ebc9a11cd79dcfbd8a8b8d99fcd Mon Sep 17 00:00:00 2001
From: Shulhan
Date: Thu, 26 Mar 2026 05:34:30 +0700
Subject: lib/dns: refactoring DoT and DoH to use address instead of port

Using port makes the IP address of DoT and DoH listen on the same address with UDP. If we set ListenAddress to 0.0.0.0 and TLS termination is handled by proxy, this cause DoT and DoH will also listen on all addresses.
---
lib/dns/server_options.go | 30 ++++++++----------------------
1 file changed, 8 insertions(+), 22 deletions(-)

(limited to 'lib/dns/server_options.go')

diff --git a/lib/dns/server_options.go b/lib/dns/server_options.go
index d53b1abd..89a6912b 100644
--- a/lib/dns/server_options.go
+++ b/lib/dns/server_options.go
@@ -41,6 +41,14 @@ type ServerOptions struct {
 	// This field is optional, default to "0.0.0.0:53".
 	ListenAddress string `ini:"dns:server:listen"`
 
+	// DoHListen address for listening DNS over HTTP (DoH).
+	// If its empty, the server will not serve DoH.
+	DoHListen string `ini:"dns:server:doh.listen"`
+
+	// DoTListen address for listening DNS over TLS (DoT).
+	// If its empty, the server will not serve DoT.
+	DoTListen string `ini:"dns:server:dot.listen"`
+
 	// TLSCertFile contains path to certificate for serving DNS over TLS
 	// and HTTPS.
 	// This field is optional, if its empty, server will listening on
@@ -108,14 +116,6 @@ type ServerOptions struct {
 	// it.
 	Debug int `ini:"dns:server:debug"`
 
-	// HTTPPort port for listening DNS over HTTP (DoH), default to 0.
-	// If its zero, the server will not serve DNS over HTTP.
-	HTTPPort uint16 `ini:"dns:server:http.port"`
-
-	// TLSPort port for listening DNS over TLS, default to 0.
-	// If its zero, the server will not serve DNS over TLS.
-	TLSPort uint16 `ini:"dns:server:tls.port"`
-
 	port uint16
 
 	// TLSAllowInsecure option to allow to serve DoH with self-signed
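Review bot: The doc comments on the new `DoHListen` and `DoTListen` fields only describe the empty case; they do not say what a host-less value such as `":853"` does, and if that string is handed to `net.Listen` unchanged (the replacement for the removed getDoTAddress/getHTTPAddress is outside this diff) Go binds it on every interface, which is the exact exposure the commit message wants to avoid when TLS is terminated by a proxy. I would extend each field comment with `// Give an explicit host, e.g. "127.0.0.1:853"; a bare ":port" listens on all interfaces.` and fix the grammar to `// If it is empty, the server will not serve DoT.`. It is also worth stating in these comments that the former `http.port`/`tls.port` ini keys are no longer read, since a configuration that still sets them will presumably lose DoH/DoT silently rather than fail at startup. The `ServerOptions` struct starts before and ends after this hunk.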
@@ -180,20 +180,6 @@ func (opts *ServerOptions) getTCPAddress() *net.TCPAddr {
 	}
 }
 
-func (opts *ServerOptions) getHTTPAddress() *net.TCPAddr {
-	return &net.TCPAddr{
-		IP: opts.ip,
-		Port: int(opts.HTTPPort),
-	}
-}
-
-func (opts *ServerOptions) getDoTAddress() *net.TCPAddr {
-	return &net.TCPAddr{
-		IP: opts.ip,
-		Port: int(opts.TLSPort),
-	}
-}
-
 // parseNameServers parse each name server in NameServers list based on scheme
 // and store the result either in udpAddrs, tcpAddrs, dohAddrs, or dotAddrs.
 //
-- 
cgit v1.3