From 6b435f3e62a8dd31f077e76c5dbc110ec9c69a88 Mon Sep 17 00:00:00 2001 From: Julien Barbot Date: Mon, 20 Jul 2020 18:25:35 +0200 Subject: [PATCH] Update README.md for new --ednsopt option --- README.md | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8e304885e..83bb0a2f8 100644 --- a/README.md +++ b/README.md @@ -59,6 +59,7 @@ Application Options: --refuse-any If specified, refuse ANY requests --edns Use EDNS Client Subnet extension --edns-addr= Send EDNS Client Address + --ednsopt= List of EDNS extensions to send along with the DNS query (ex: 8:deadbeaf) --ipv6-disabled If specified, all AAAA requests will be replied with NoError RCode and empty answer --bogus-nxdomain= Transform responses that contain only given IP addresses into NXDOMAIN. Can be specified multiple times. --version Prints the program version @@ -202,6 +203,25 @@ If you want to use EDNS CS feature when you're connecting to the proxy from a lo Now even if your IP address is 192.168.0.1 and it's not a public IP, the proxy will pass through 72.72.72.72 to the upstream server. + +### EDNS Generic raw option + +You can add any EDNS extension of your choice with the `--ednsopt` flag. + +The option argument for this flag is of the form: + + option_code:base64_data + +where: + +`option_code` is a 16 bit unsigned integer (0-65535) +`base64_data` is a base64 encoded byte array + +``` +DATA=$(echo -n "This is a binary string" | base64) +./dnsproxy -u 8.8.8.8:53 --ednsopt="4242:${DATA}" +``` + ### Bogus NXDomain This option is similar to dnsmasq `bogus-nxdomain`. If specified, `dnsproxy` transforms responses that contain only the given IP addresses into `NXDOMAIN`. Can be specified multiple times. @@ -210,4 +230,4 @@ In the example below, we use AdGuard DNS server that returns `0.0.0.0` for block ``` ./dnsproxy -u 176.103.130.130:53 --bogus-nxdomain=0.0.0.0 -``` \ No newline at end of file +```