Support domain endpoints [WIP] #1998
If `netip.ParseAddr(host)` returns an error, try a DNS lookup for `host` and return the associated IP address.
Unfortunately this is a lot more complicated to do than this, and I'm slowly working towards a solution. The reason why no hostname is allowed is https://github.com/qdm12/gluetun-wiki/blob/main/faq/others.md#server-information
Essentially the solution is to optionally allow DNS traffic for very specific requests (matching a regex), and this will be done after #1742 is merged - still a few months of work really. It does require some firewall fiddling too, as well as some refactoring of the async logic within gluetun (already in progress, done halfway). I'll close this PR for now since it cannot resolve it, and resolving it is rather complicated and a-job-for-me-since-i'm-already-working-on-it (right now I'm finishing DNSSEC support in https://github.com/qdm12/dns/tree/v2.0.0-beta so it can fully replace unbound for private DNS in Gluetun) 😸
Also about:
Yes and it should not. Firewall gets enabled at Line 222 in 657b4b7
And all settings are read before it gets enabled at Line 183 in 657b4b7
Reading settings should be blazing fast and without external network, since we need the settings to configure the firewall as well. If we do network IO like DNS resolution when reading the settings, it means the firewall won't be enabled for a few more milliseconds which is not what we want. I left the firewall enabling after the settings reading, but within this PR it should be before then (creating another mess of firewall configuration too).
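The constraint in the comment above (settings reading must not touch the network, so the firewall comes up without delay) can be illustrated with the following added example, which is not part of the PR or of gluetun's code. `Endpoint`, `ParseEndpoint` and `allowHostname` are hypothetical names; the sketch assumes a hostname is only recorded at parse time and resolved later, once the firewall is already enabled.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/netip"
	"strconv"
)

// ErrHostnameNotAllowed is returned when a hostname is given but not permitted.
var ErrHostnameNotAllowed = errors.New("hostname endpoint not allowed")

// Endpoint (hypothetical type) holds either an IP literal or a hostname
// whose resolution is deferred until the firewall is already enabled.
type Endpoint struct {
	Addr netip.Addr // valid only when the host was an IP literal
	Host string     // non-empty only when resolution is deferred
	Port uint16
}

// NeedsResolution reports whether a DNS lookup is still required.
func (e Endpoint) NeedsResolution() bool { return !e.Addr.IsValid() }

// ParseEndpoint parses "host:port" using string parsing only, no network IO.
func ParseEndpoint(s string, allowHostname bool) (Endpoint, error) {
	host, portStr, err := net.SplitHostPort(s)
	if err != nil {
		return Endpoint{}, fmt.Errorf("splitting host and port: %w", err)
	}
	port, err := strconv.ParseUint(portStr, 10, 16)
	if err != nil || port == 0 {
		return Endpoint{}, fmt.Errorf("invalid port %q", portStr)
	}
	if addr, err := netip.ParseAddr(host); err == nil {
		return Endpoint{Addr: addr, Port: uint16(port)}, nil
	}
	if host == "" || !allowHostname {
		return Endpoint{}, fmt.Errorf("%w: %q", ErrHostnameNotAllowed, host)
	}
	return Endpoint{Host: host, Port: uint16(port)}, nil
}

func main() {
	for _, s := range []string{"203.0.113.7:51820", "vpn.example.com:51820"} { // constructed samples
		e, err := ParseEndpoint(s, true)
		fmt.Println(s, "needs resolution:", e.NeedsResolution(), "err:", err)
	}
}
```

With `allowHostname` set to false the function keeps the current IP-only behaviour; with it set to true the caller gets a marker that a lookup is still pending instead of a lookup performed during settings reading.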
How about using Cloudflare's DNS over HTTPS? You can make an HTTP request to an IP: https://developers.cloudflare.com/1.1.1.1/encryption/dns-over-https/make-api-requests/
That doesn't help, it would allow other traffic to go through. All this is still blocked by #137
@qdm12 What about another minimal DNS server that is in the same Docker network as gluetun? That can be configured as DNS, without allowing all traffic from gluetun before VPN is up? It can even run on a domain whitelist mode. This would really help people who want to access their home network with DDNS.
Support domain as endpoint in both config files and environment.