DoH proxy: https-dns-proxy new RFC8484-supporting package and Web UI

Yeah, NordVPN doesn't have a DoH server.

If I use the NordVPN app with a custom DNS server, like Cloudflare, it will pick the DNS server location closest to the NordVPN IP.

With a NordVPN connection through OpenVPN on the router, using the pbr and https-dns-proxy packages, if I choose Cloudflare in https-dns-proxy, I get the server closer to the WAN IP location, not the NordVPN one. Yes, the WAN is the default service gateway in PBR. Is there an option to change that, or will it just use the WAN IP as the default location clue?

There seems to be a hard-to-catch bug between dnsmasq and https-dns-proxy so that I would get no name resolution from dnsmasq (happens maybe once or twice a week), although both services appear to work fine.
Had to make a script that calls /etc/init.d/https-dns-proxy restart when that happens.
And unfortunately had no success catching when or why it happens.

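A watchdog of the kind described in the post above, written here as an added example (it is not the poster's script). It restarts https-dns-proxy only after several consecutive failed lookups and logs which processes were running first, so the failure leaves a trace in the system log. The probe name, threshold, state file path and the assumption that dnsmasq answers on 127.0.0.1 are all illustrative.

```shell
#!/bin/sh
# Added example: DNS watchdog for dnsmasq + https-dns-proxy (not from the thread).
# Assumptions: dnsmasq answers on 127.0.0.1; probe name, threshold and path are arbitrary.
RESOLVER="${RESOLVER:-127.0.0.1}"
PROBE_NAME="${PROBE_NAME:-openwrt.org}"
THRESHOLD="${THRESHOLD:-3}"
STATE_FILE="${STATE_FILE:-/tmp/dns-watchdog.fails}"

# Return 0 if the local resolver answers the probe name.
probe() {
    nslookup "$PROBE_NAME" "$RESOLVER" >/dev/null 2>&1
}

# next_state <previous_failures> <probe_ok:0|1> <threshold>
# Prints "<new_failures> <action>" where action is "restart" or "none".
# A single lost query never triggers a restart; only a run of failures does.
next_state() {
    if [ "$2" -eq 1 ]; then echo "0 none"; return; fi
    fails=$(( $1 + 1 ))
    if [ "$fails" -ge "$3" ]; then echo "0 restart"; else echo "$fails none"; fi
}

# Log what was running before the restart, so the event can be investigated later.
snapshot() {
    logger -t dns-watchdog "lookup of $PROBE_NAME failed ${THRESHOLD}x in a row"
    logger -t dns-watchdog "running: $(pgrep -l 'dnsmasq|https-dns-proxy' | tr '\n' ' ')"
}

main() {
    prev=$(cat "$STATE_FILE" 2>/dev/null || echo 0)
    case "$prev" in ''|*[!0-9]*) prev=0 ;; esac   # ignore a corrupt state file
    if probe; then ok=1; else ok=0; fi
    set -- $(next_state "$prev" "$ok" "$THRESHOLD")
    echo "$1" > "$STATE_FILE"
    if [ "$2" = "restart" ]; then
        snapshot
        /etc/init.d/https-dns-proxy restart
    fi
}

# Run one check only when invoked as "<script> run" (for example from cron).
if [ "${1:-}" = "run" ]; then main; fi
```

Run once a minute from cron, the `dns-watchdog` entries in `logread` give the timestamps of each outage to compare against other events in the log.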

You could try to force the https-dns-proxy traffic to the VPN tunnel; I'd experiment with creating a policy for the output chain targeting remote port 443 and see if that works.

However, if your VPN tunnel is down, it would prevent DNS resolution and (unless otherwise configured) access to NTP servers, without which, on devices without built-in clocks, the WG connections can't be established.

There used to be an issue where, on some WAN interface updates, https-dns-proxy needed to be restarted, and I thought I fixed that.