dnss
dnss is a DNS over HTTPS (DoH) daemon written in Go. It can operate as a proxy that receives standard DNS queries on port 53 and forwards them to a DoH upstream server like Google's dns.google or Cloudflare's 1.1.1.1, improving DNS security and privacy on laptops and small networks. It can also run in reverse as a DoH server, accepting encrypted DNS queries over HTTPS and resolving them using the machine's regular DNS servers. Key features include support for the DoH standard (RFC 8484), an optional local cache, HTTP and HTTPS proxy support with autodetection from the environment, a monitoring HTTP server with metrics and tracing for debugging, and the ability to route specific domains to different DNS servers using a local resolver while sending the rest through DoH. The DoH server supports both standard DoH and JSON formats at /dns-query and /resolve endpoints. Installation options include Debian and Ubuntu packages, which set up the daemon in proxy mode with Google's resolvers by default, or building from