arcanum · infrastructure

DoH Setup.

A walkthrough for setting up a DNS-over-HTTPS server using DNSCrypt's doh-proxy and the Caddy reverse proxy.

In this blog, I will walk through setting up a DNS-over-HTTPS server using DNSCrypt's doh-proxy and the Caddy reverse proxy.

01 Why?

This article explores the DNS-over-HTTPS (DoH) protocol and how to set up a server that uses it. DoH has been around for quite a while and has also been used in offensive security. Understanding how a DoH server and its architecture work is important in case an operator wants to use it as a mode of communication for their implant/C2.

02 Setup

03 Instructions

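# 1. Install and start the unbound resolver, then test it locally
sudo apt update -y
sudo apt install unbound
sudo unbound
dig @127.0.0.1 www.google.com # To test it

# 2. Add the Caddy apt repository and install Caddy
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
# Both files are owned by root, so chmod needs sudo
sudo chmod o+r /usr/share/keyrings/caddy-stable-archive-keyring.gpg
sudo chmod o+r /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

# 3. Caddyfile (/etc/caddy/Caddyfile with the Debian package); replace domain.com with your own domain
domain.com {
    encode zstd gzip
    # Forward DoH requests to doh-proxy, which listens on 127.0.0.1:3000 by default
    route /dns-query* {
        reverse_proxy 127.0.0.1:3000
    }
    # JSON access log for the DoH endpoint
    log {
        output file /var/log/caddy/doh-access.log
        format json
    }
}

# 4. Install Rust and build doh-proxy
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# Load cargo into the current shell
. "$HOME/.cargo/env"
cargo install doh-proxy

# 5. Run doh-proxy with unbound (127.0.0.1:53) as its upstream resolver
# cargo install places the binary in ~/.cargo/bin, not the current directory
"$HOME/.cargo/bin/doh-proxy" -H 'domain.com' -u 127.0.0.1:53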
[Figure 01: browser DNS-over-HTTPS configuration]
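The Caddyfile above writes JSON access logs to /var/log/caddy/doh-access.log. As an added example (not part of the original post), the Python below recovers the queried name and record type from GET requests in that log by decoding the RFC 8484 `dns` parameter, which is useful when reviewing what clients resolve through the server. The `remote_ip` field name and the sample log lines are constructed assumptions about the log layout; POST queries are skipped because their body is not logged.

```python
import base64
import json
import struct
from urllib.parse import parse_qs, urlsplit

QTYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}

def build_query(name, qtype=1):
    """Build a minimal DNS query (ID 0, RD set), as a DoH client would."""
    header = struct.pack("!6H", 0, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!2H", qtype, 1)

def decode_question(msg):
    """Return (qname, qtype) from the first question of a DNS message."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while msg[pos]:  # a zero-length label terminates the name
        length = msg[pos]
        if length > 63:
            raise ValueError("compressed or invalid label in question")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    qtype = struct.unpack("!H", msg[pos + 1:pos + 3])[0]
    return ".".join(labels), QTYPES.get(qtype, str(qtype))

def doh_queries(log_lines):
    """Yield (client_ip, qname, qtype) for GET DoH requests in Caddy JSON logs."""
    for line in log_lines:
        try:
            req = json.loads(line)["request"]
            dns = parse_qs(urlsplit(req["uri"]).query)["dns"][0]
            raw = base64.urlsafe_b64decode(dns + "=" * (-len(dns) % 4))
            yield (req.get("remote_ip"),) + decode_question(raw)
        except (KeyError, TypeError, ValueError, IndexError, struct.error):
            continue  # POST (body not logged), non-DoH request, or malformed line

# Constructed sample log lines (assumed field names, documentation IP range)
def _line(ip, method, uri):
    return json.dumps({"request": {"remote_ip": ip, "method": method, "uri": uri}, "status": 200})

_q = base64.urlsafe_b64encode(build_query("www.example.com", 28)).rstrip(b"=").decode()
SAMPLE_LOG = [_line("198.51.100.7", "GET", "/dns-query?dns=" + _q),
              _line("198.51.100.7", "POST", "/dns-query"), "not json"]

if __name__ == "__main__":
    print(list(doh_queries(SAMPLE_LOG)))
```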
— darklane // signed at depth