Skip to content

Add support for Unix sockets for Web Service and DoH #1753

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
IngmarStein wants to merge 3 commits into
base: master
Choose a base branch
from
+258 −3
Open

Add support for Unix sockets for Web Service and DoH #1753

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
50ff93c
Add support for Unix sockets for Web Service and DoH
IngmarStein Feb 26, 2026
8324391
Merge upstream master into feature/unix-sockets
IngmarStein Apr 27, 2026
950f183
Merge upstream master into feature/unix-sockets
IngmarStein Jun 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
94 changes: 94 additions & 0 deletions DnsServerCore/Dns/DnsServer.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -192,6 +192,8 @@ enum ServiceState
int _dnsOverTlsPort = 853;
int _dnsOverHttpsPort = 443;
int _dnsOverQuicPort = 853;
string _dnsOverHttpUnixSocket;
string _dnsOverHttpsUnixSocket;
IReadOnlyCollection<NetworkAccessControl> _dnsReverseProxyNetworkACL;
string _dnsTlsCertificatePath;
string _dnsTlsCertificatePassword;
Expand Down Expand Up @@ -1125,6 +1127,23 @@ private void ReadConfigFrom(Stream s, bool isConfigTransfer)
int maxStatFileDays = bR.ReadInt32();
if (!isConfigTransfer)
_statsManager.MaxStatFileDays = maxStatFileDays;

if (version >= 3)
{
if (bR.ReadByte() > 0)
{
string socket = bR.ReadShortString();
if (!isConfigTransfer)
_dnsOverHttpUnixSocket = socket;
}

if (bR.ReadByte() > 0)
{
string socket = bR.ReadShortString();
if (!isConfigTransfer)
_dnsOverHttpsUnixSocket = socket;
}
}
}

private void WriteConfigTo(Stream s)
Expand Down Expand Up @@ -1409,6 +1428,26 @@ private void WriteConfigTo(Stream s)
bW.Write(_queryLog is not null); //log all queries
bW.Write(_statsManager.EnableInMemoryStats);
bW.Write(_statsManager.MaxStatFileDays);

if (string.IsNullOrWhiteSpace(_dnsOverHttpUnixSocket))
{
bW.Write((byte)0);
}
else
{
bW.Write((byte)1);
bW.WriteShortString(_dnsOverHttpUnixSocket);
}

if (string.IsNullOrWhiteSpace(_dnsOverHttpsUnixSocket))
{
bW.Write((byte)0);
}
else
{
bW.Write((byte)1);
bW.WriteShortString(_dnsOverHttpsUnixSocket);
}
}

#endregion
Expand Down Expand Up @@ -6431,6 +6470,9 @@ private async Task StartDoHAsync(bool throwIfBindFails)
{
foreach (IPAddress localAddress in localAddresses)
serverOptions.Listen(localAddress, _dnsOverHttpPort);

if (!string.IsNullOrWhiteSpace(_dnsOverHttpUnixSocket))
serverOptions.ListenUnixSocket(_dnsOverHttpUnixSocket);
}

//bind to https port
Expand All @@ -6453,6 +6495,22 @@ private async Task StartDoHAsync(bool throwIfBindFails)
}, null);
});
}

if (!string.IsNullOrWhiteSpace(_dnsOverHttpsUnixSocket))
{
serverOptions.ListenUnixSocket(_dnsOverHttpsUnixSocket, delegate (ListenOptions listenOptions)
{
if (IsHttp2Supported())
listenOptions.Protocols = HttpProtocols.Http1AndHttp2;
else
listenOptions.Protocols = HttpProtocols.Http1;

listenOptions.UseHttps(delegate (SslStream stream, SslClientHelloInfo clientHelloInfo, object state, CancellationToken cancellationToken)
{
return ValueTask.FromResult(_dohSslServerAuthenticationOptions);
}, null);
});
}
}

serverOptions.AddServerHeader = false;
Expand Down Expand Up @@ -6494,6 +6552,18 @@ private async Task StartDoHAsync(bool throwIfBindFails)
if (_enableDnsOverHttps && (_dohSslServerAuthenticationOptions is not null))
_log.Write(new IPEndPoint(localAddress, _dnsOverHttpsPort), "Https", "DNS Server was bound successfully.");
}

if (_enableDnsOverHttp)
{
if (!string.IsNullOrWhiteSpace(_dnsOverHttpUnixSocket))
_log.Write(new IPEndPoint(IPAddress.None, 0), "Http", $"DNS Server was bound successfully on unix socket: {_dnsOverHttpUnixSocket}");
}

if (_enableDnsOverHttps && (_dohSslServerAuthenticationOptions is not null))
{
if (!string.IsNullOrWhiteSpace(_dnsOverHttpsUnixSocket))
_log.Write(new IPEndPoint(IPAddress.None, 0), "Https", $"DNS Server was bound successfully on unix socket: {_dnsOverHttpsUnixSocket}");
}
}
catch (Exception ex)
{
Expand All @@ -6508,6 +6578,18 @@ private async Task StartDoHAsync(bool throwIfBindFails)
_log.Write(new IPEndPoint(localAddress, _dnsOverHttpsPort), "Https", "DNS Server failed to bind.");
}

if (_enableDnsOverHttp)
{
if (!string.IsNullOrWhiteSpace(_dnsOverHttpUnixSocket))
_log.Write(new IPEndPoint(IPAddress.None, 0), "Http", $"DNS Server failed to bind on unix socket: {_dnsOverHttpUnixSocket}");
}

if (_enableDnsOverHttps && (_dohSslServerAuthenticationOptions is not null))
{
if (!string.IsNullOrWhiteSpace(_dnsOverHttpsUnixSocket))
_log.Write(new IPEndPoint(IPAddress.None, 0), "Https", $"DNS Server failed to bind on unix socket: {_dnsOverHttpsUnixSocket}");
}

_log.Write(ex);

if (throwIfBindFails)
Expand Down Expand Up @@ -7623,6 +7705,18 @@ public int DnsOverQuicPort
}
}

public string DnsOverHttpUnixSocket
{
get { return _dnsOverHttpUnixSocket; }
set { _dnsOverHttpUnixSocket = value; }
}

public string DnsOverHttpsUnixSocket
{
get { return _dnsOverHttpsUnixSocket; }
set { _dnsOverHttpsUnixSocket = value; }
}

public IReadOnlyCollection<NetworkAccessControl> DnsReverseProxyNetworkACL
{
get { return _dnsReverseProxyNetworkACL; }
Expand Down
74 changes: 73 additions & 1 deletion DnsServerCore/DnsWebService.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,8 @@ public sealed partial class DnsWebService : IAsyncDisposable, IDisposable

//web service
IReadOnlyList<IPAddress> _webServiceLocalAddresses = [IPAddress.Any, IPAddress.IPv6Any];
string _webServiceHttpUnixSocket;
string _webServiceTlsUnixSocket;
int _webServiceHttpPort = 5380;
int _webServiceTlsPort = 53443;
bool _webServiceEnableTls;
Expand Down Expand Up @@ -548,6 +550,19 @@ private void ReadConfigFrom(Stream s)
CheckAndLoadSelfSignedCertificate(false, false);

_webServiceRealIpHeader = s.ReadShortString();

if (version >= 2)
{
if (s.ReadByte() > 0)
{
_webServiceHttpUnixSocket = s.ReadShortString();
}

if (s.ReadByte() > 0)
{
_webServiceTlsUnixSocket = s.ReadShortString();
}
}
}

private void WriteConfigTo(Stream s)
Expand Down Expand Up @@ -584,7 +599,27 @@ private void WriteConfigTo(Stream s)
else
s.WriteShortString(_webServiceTlsCertificatePassword);

s.WriteShortString(_webServiceRealIpHeader);
bW.WriteShortString(_webServiceRealIpHeader);

if (string.IsNullOrWhiteSpace(_webServiceHttpUnixSocket))
{
bW.Write((byte)0);
}
else
{
bW.Write((byte)1);
bW.WriteShortString(_webServiceHttpUnixSocket);
}

if (string.IsNullOrWhiteSpace(_webServiceTlsUnixSocket))
{
bW.Write((byte)0);
}
else
{
bW.Write((byte)1);
bW.WriteShortString(_webServiceTlsUnixSocket);
}
}

#endregion
Expand Down Expand Up @@ -1764,6 +1799,9 @@ private async Task StartWebServiceAsync(bool httpOnlyMode)
foreach (IPAddress webServiceLocalAddress in _webServiceLocalAddresses)
serverOptions.Listen(webServiceLocalAddress, _webServiceHttpPort);

if (!string.IsNullOrWhiteSpace(_webServiceHttpUnixSocket))
serverOptions.ListenUnixSocket(_webServiceHttpUnixSocket);

//https
if (!httpOnlyMode && _webServiceEnableTls && (_webServiceSslServerAuthenticationOptions is not null))
{
Expand All @@ -1784,6 +1822,22 @@ private async Task StartWebServiceAsync(bool httpOnlyMode)
}, null);
});
}

if (!string.IsNullOrWhiteSpace(_webServiceTlsUnixSocket))
{
serverOptions.ListenUnixSocket(_webServiceTlsUnixSocket, delegate (ListenOptions listenOptions)
{
if (IsHttp2Supported())
listenOptions.Protocols = HttpProtocols.Http1AndHttp2;
else
listenOptions.Protocols = HttpProtocols.Http1;

listenOptions.UseHttps(delegate (SslStream stream, SslClientHelloInfo clientHelloInfo, object state, CancellationToken cancellationToken)
{
return ValueTask.FromResult(_webServiceSslServerAuthenticationOptions);
}, null);
});
}
}

serverOptions.AddServerHeader = false;
Expand Down Expand Up @@ -1865,6 +1919,15 @@ private async Task StartWebServiceAsync(bool httpOnlyMode)
if (!httpOnlyMode && _webServiceEnableTls && (_webServiceSslServerAuthenticationOptions is not null))
_log.Write(new IPEndPoint(webServiceLocalAddress, _webServiceTlsPort), "Https", "Web Service was bound successfully.");
}

if (!string.IsNullOrWhiteSpace(_webServiceHttpUnixSocket))
_log.Write(new IPEndPoint(IPAddress.None, 0), "Http", $"Web Service was bound successfully on unix socket: {_webServiceHttpUnixSocket}");

if (!httpOnlyMode && _webServiceEnableTls && (_webServiceSslServerAuthenticationOptions is not null))
{
if (!string.IsNullOrWhiteSpace(_webServiceTlsUnixSocket))
_log.Write(new IPEndPoint(IPAddress.None, 0), "Https", $"Web Service was bound successfully on unix socket: {_webServiceTlsUnixSocket}");
}
}
catch
{
Expand All @@ -1878,6 +1941,15 @@ private async Task StartWebServiceAsync(bool httpOnlyMode)
_log.Write(new IPEndPoint(webServiceLocalAddress, _webServiceTlsPort), "Https", "Web Service failed to bind.");
}

if (!string.IsNullOrWhiteSpace(_webServiceHttpUnixSocket))
_log.Write(new IPEndPoint(IPAddress.None, 0), "Http", $"Web Service failed to bind on unix socket: {_webServiceHttpUnixSocket}");

if (!httpOnlyMode && _webServiceEnableTls && (_webServiceSslServerAuthenticationOptions is not null))
{
if (!string.IsNullOrWhiteSpace(_webServiceTlsUnixSocket))
_log.Write(new IPEndPoint(IPAddress.None, 0), "Https", $"Web Service failed to bind on unix socket: {_webServiceTlsUnixSocket}");
}

throw;
}

Expand Down
1 change: 1 addition & 0 deletions DnsServerCore/WebServiceAuthApi.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,7 @@ private void WriteCurrentSessionDetails(Utf8JsonWriter jsonWriter, UserSession c
jsonWriter.WriteStartObject("info");

jsonWriter.WriteString("version", _dnsWebService.GetServerVersion());
jsonWriter.WriteBoolean("supportsUnixSockets", Environment.OSVersion.Platform == PlatformID.Unix || Environment.OSVersion.Platform == PlatformID.MacOSX);
jsonWriter.WriteString("uptimestamp", _dnsWebService._uptimestamp);
jsonWriter.WriteString("dnsServerDomain", _dnsWebService._dnsServer.ServerDomain);
jsonWriter.WriteNumber("defaultRecordTtl", _dnsWebService._dnsServer.AuthZoneManager.DefaultRecordTtl);
Expand Down
36 changes: 36 additions & 0 deletions DnsServerCore/WebServiceSettingsApi.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -191,6 +191,9 @@ private void WriteDnsSettings(Utf8JsonWriter jsonWriter)

jsonWriter.WriteEndArray();

jsonWriter.WriteString("webServiceHttpUnixSocket", _dnsWebService._webServiceHttpUnixSocket);
jsonWriter.WriteString("webServiceTlsUnixSocket", _dnsWebService._webServiceTlsUnixSocket);

jsonWriter.WriteNumber("webServiceHttpPort", _dnsWebService._webServiceHttpPort);
jsonWriter.WriteBoolean("webServiceEnableTls", _dnsWebService._webServiceEnableTls);
jsonWriter.WriteBoolean("webServiceEnableHttp3", _dnsWebService._webServiceEnableHttp3);
Expand Down Expand Up @@ -231,6 +234,9 @@ private void WriteDnsSettings(Utf8JsonWriter jsonWriter)
jsonWriter.WriteNumber("dnsOverHttpsPort", _dnsWebService._dnsServer.DnsOverHttpsPort);
jsonWriter.WriteNumber("dnsOverQuicPort", _dnsWebService._dnsServer.DnsOverQuicPort);

jsonWriter.WriteString("dnsOverHttpUnixSocket", _dnsWebService._dnsServer.DnsOverHttpUnixSocket);
jsonWriter.WriteString("dnsOverHttpsUnixSocket", _dnsWebService._dnsServer.DnsOverHttpsUnixSocket);

jsonWriter.WritePropertyName("dnsReverseProxyNetworkACL");
{
jsonWriter.WriteStartArray();
Expand Down Expand Up @@ -889,6 +895,24 @@ public async Task SetDnsSettingsAsync(HttpContext context)
_dnsWebService._webServiceLocalAddresses = WebUtilities.GetValidKestrelLocalAddresses(webServiceLocalAddresses);
}

if (request.TryGetQueryOrForm("webServiceHttpUnixSocket", out string webServiceHttpUnixSocket))
{
if (_dnsWebService._webServiceHttpUnixSocket != webServiceHttpUnixSocket)
{
restartWebService = true;
}
_dnsWebService._webServiceHttpUnixSocket = webServiceHttpUnixSocket;
}

if (request.TryGetQueryOrForm("webServiceTlsUnixSocket", out string webServiceTlsUnixSocket))
{
if (_dnsWebService._webServiceTlsUnixSocket != webServiceTlsUnixSocket)
{
restartWebService = true;
}
_dnsWebService._webServiceTlsUnixSocket = webServiceTlsUnixSocket;
}

if (request.TryGetQueryOrForm("webServiceHttpPort", int.Parse, out int webServiceHttpPort))
{
if (_dnsWebService._webServiceHttpPort != webServiceHttpPort)
Expand Down Expand Up @@ -1118,6 +1142,18 @@ public async Task SetDnsSettingsAsync(HttpContext context)
}
}

if (request.TryQueryOrFormArray("dnsOverHttpUnixSocket", NetworkAccessControl.Parse, out NetworkAccessControl[] dnsOverHttpUnixSocket))
{
_dnsWebService._dnsServer.DnsOverHttpUnixSocket = dnsOverHttpUnixSocket.Length > 0 ? dnsOverHttpUnixSocket[0] : string.Empty;
restartDnsService = true;
}

if (request.TryQueryOrFormArray("dnsOverHttpsUnixSocket", NetworkAccessControl.Parse, out NetworkAccessControl[] dnsOverHttpsUnixSocket))
{
_dnsWebService._dnsServer.DnsOverHttpsUnixSocket = dnsOverHttpsUnixSocket.Length > 0 ? dnsOverHttpsUnixSocket[0] : string.Empty;
restartDnsService = true;
}

if (request.TryQueryOrFormArray("dnsReverseProxyNetworkACL", NetworkAccessControl.Parse, out NetworkAccessControl[] dnsReverseProxyNetworkACL))
_dnsWebService._dnsServer.DnsReverseProxyNetworkACL = dnsReverseProxyNetworkACL;
else if (request.TryQueryOrFormArray("reverseProxyNetworkACL", NetworkAccessControl.Parse, out dnsReverseProxyNetworkACL))
Expand Down
Loading