From 81a86ee0430c0ffccfa7e8116d383341037e07da Mon Sep 17 00:00:00 2001
From: Christian Hesse
Date: Mon, 27 Nov 2023 13:17:17 +0100
Subject: netwatch-dns: get doh host name from static dns
---
 doc/netwatch-dns.md | 9 +++++++++
 netwatch-dns.rsc | 7 ++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/doc/netwatch-dns.md b/doc/netwatch-dns.md
index a208d00..70b766a 100644
--- a/doc/netwatch-dns.md
+++ b/doc/netwatch-dns.md
@@ -43,6 +43,15 @@ Giving a specific query url for DoH is possible:
 Note that using a name in DoH url may introduce a chicken-and-egg issue!
+Adding a static DNS record has the same result for the url, but always
+resolves to the same address.
+
+ /ip/dns/static/add name="dns.nextdns.io" address=199.247.16.158;
+ /tool/netwatch/add comment="doh" host=199.247.16.158;
+
+Be aware that you have to keep the ip address in sync with real world
+manually!
+
 Importing a certificate automatically is possible, at least if available in the repository (see `certs` sub directory).
diff --git a/netwatch-dns.rsc b/netwatch-dns.rsc
index 3e3e27c..c5c8ed1 100644
--- a/netwatch-dns.rsc
+++ b/netwatch-dns.rsc
@@ -64,10 +64,15 @@ $ScriptLock $0;
 :foreach Host in=[ /tool/netwatch/find where comment~"\\bdoh\\b" status="up" ] do={
 :local HostVal [ /tool/netwatch/get $Host ];
 :local HostInfo [ $ParseKeyValueStore ($HostVal->"comment") ];
+ :local HostName [ /ip/dns/static/find where name address=($HostVal->"host") \
+ (!type or type="A" or type="AAAA") !disabled !dynamic ];
+ :if ([ :len $HostName ] > 0) do={
+ :set HostName [ /ip/dns/static/get ($HostName->0) name ];
+ }
 :if ($HostInfo->"doh" = true && $HostInfo->"disabled" != true && $DohServer = "") do={
 :set DohServer [ $EitherOr ($HostInfo->"doh-url") \
- ("https://" . $HostVal->"host" . "/dns-query") ];
+ ("https://" . [ $EitherOr $HostName ($HostVal->"host") ] . "/dns-query") ];
 :set DohCert ($HostInfo->"doh-cert");
 }
 }
-- cgit v1.2.3-54-g00ecf
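Review bot: In the netwatch-dns.rsc hunk, `($HostName->0)` uses whichever matching static record comes first, so when several enabled A/AAAA records point at the netwatch address the host name placed in the DoH url is not well defined, and a name the server certificate does not cover would presumably break certificate validation for that url. `HostName` also holds the list of record ids first and the name string afterwards, and with no match it stays an empty list whose handling depends on `$EitherOr`, which is defined outside this hunk. Keeping the ids in their own variable and taking the name only for a unique match makes both cases explicit, as sketched below; this assumes `$EitherOr` treats an empty string as unset, which should be confirmed. The `:foreach` body is visible in full, the rest of the script is not.

```routeros
  :local HostInfo [ $ParseKeyValueStore ($HostVal->"comment") ];
  :local HostName "";
  :local StaticIds [ /ip/dns/static/find where name address=($HostVal->"host") \
    (!type or type="A" or type="AAAA") !disabled !dynamic ];
  # only use a static name if exactly one record points at this address
  :if ([ :len $StaticIds ] = 1) do={
    :set HostName [ /ip/dns/static/get ($StaticIds->0) name ];
  }
  # … unchanged: doh / disabled check and DohServer / DohCert assignment …
```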