Public | Automated Build

Last pushed: 18 days ago
Short Description
A DNS client in Go that supports Google DNS over HTTPS
Full Description


A DNS client (stub resolver) implemented in Go for the Google
It effectively encrypts all your DNS traffic. It also supports
OpenResolve by OpenDNS.

The ultimate goal for the project is to provide a secure, caching DNS client that
communicates with recursive DNS resolvers over encrypted channels only. For now,
it resolves DNS queries over HTTP/2 in independent threads. The plans for
future include better caching and support for QUIC.

Quick start

Download a pre-built binary for your platform from the latest
(or build your own binaries).

Run dingo as root on port 53. For example, on Linux:

$ sudo ./dingo-linux-amd64 -port=53

Update your DNS configuration. On Linux, edit your /etc/resolv.conf as root (remember to
make backup first), e.g.:

$ sudo sh -c "echo nameserver > /etc/resolv.conf"

Tuning dingo

You will probably want to change the default Google DNS-over-HTTPS server IP address, using the
-gdns:server option. First, resolve to IP address, which should give you the
server closest to you:

$ host has address has IPv6 address 2a00:1450:401b:800::200e

Next, pass it to dingo. If you prefer IPv6, enclose the address in brackets, e.g.:

$ sudo ./dingo-linux-amd64 -port=53 -gdns:server=[2a00:1450:401b:800::200e]

To see all options, run dingo -h:

Usage of dingo-linux-amd64:
  -bind string
        IP address to bind to (default "")
  -dbg int
        debugging level (default 2)
        Google DNS: try to lookup the closest IPv4 server
  -gdns:edns string
        Google DNS: EDNS client subnet (set to disable)
  -gdns:host string
        Google DNS: HTTP 'Host' header (real FQDN, encrypted in TLS) (default "")
        Google DNS: disable random padding
  -gdns:server string
        Google DNS: server address (default "")
  -gdns:sni string
        Google DNS: SNI string to send (should match server certificate) (default "")
  -gdns:workers int
        Google DNS: number of independent workers (default 10)
        use HTTPS/1.1 transport
  -h1:proxy string
        use Proxy of HTTP or SOCKS5, (Example "" or "socks(5)://")
        disable SSL Certificate check
        disable DNS Cache
  -odns:host string
        OpenDNS: HTTP 'Host' header (real FQDN, encrypted in TLS) (default "")
  -odns:server string
        OpenDNS: web server address (default "")
  -odns:sni string
        OpenDNS: TLS SNI string to send (unencrypted, must validate as server cert) (default "")
  -odns:workers int
        OpenDNS: number of independent workers
  -port int
        listen on port number (default 32000)

Finally, you will need to make dingo start in background each time you boot your machine. In Linux,
you might want to use the GNU Screen, which can start
processes in background. For example, you might want to add the following line to your

screen -dmS dingo /path/to/bin/dingo -port=53 -gdns:server=[2a00:1450:401b:800::200e]


Pawel Foremski,

Find me on: LinkedIn,

Docker Pull Command
Source Repository

Comments (0)