A lightweight DNS forwarder with support for UDP, TCP, and DNS-over-HTTPS (DoH) protocols.
- Multiple Protocol Support: UDP, TCP, and DNS-over-HTTPS (DoH)
- Flexible Upstream Configuration: Multiple upstream DNS servers with configurable strategies
- Caching System: Memory cache and persistent cache with customizable TTL
- Local Reverse Resolution: Custom PTR record mappings
- DNS Rules Engine: Flexible rules for domain rewriting and forwarding
- Web Interface: Built-in web UI for monitoring and management
- Performance Optimization: Configurable connection limits and timeouts
- Logging System: Comprehensive logging with multiple output options

Requirements:
- Go 1.18 or later

```bash
git clone https://github.com/moeart/moeart-tiny-forwarder.git
cd moeart-tiny-forwarder
go build -o moeart-tiny-forwarder main.go
```

Pre-built binaries are available for various platforms on the releases page.

- config.yaml: Main configuration file
- rule.yaml: DNS forwarding rules configuration

See config.yaml.example for a complete configuration example with explanations.
See rule.yaml for DNS rules configuration examples.
- Copy the example configuration file:

```bash
cp config.yaml.example config.yaml
```

- Edit the configuration file according to your needs:

```yaml
server:
  listen:
    udp: ":53"
    tcp: ":53"
    doh: ":8443"
upstream:
  strategy: "parallel"
  servers:
    - address: "1.1.1.1"
      port: 53
      protocol: "udp"
      enabled: true
    - address: "8.8.8.8"
      port: 53
      protocol: "udp"
      enabled: true
```

```bash
./moeart-tiny-forwarder
```

```
Usage: moeart-tiny-forwarder [options]
Options:
  -config string
        Path to configuration file (default "config.yaml")
  -rule string
        Path to rules file (default "rule.yaml")
  -log-level string
        Log level (debug, info, warn, error) (default "info")
  -help
        Show this help message
```

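You can test the DNS forwarder using tools like dig:

```bash
dig @localhost example.com
```

For DoH testing:

```bash
# +https takes the endpoint path; -p selects the DoH port (8443 in the configuration above)
dig +https=/dns-query -p 8443 @localhost example.com
```

The built-in web interface provides monitoring and management capabilities.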
https://your-server-ip:8443/webui
Default credentials: admin / password
- Dashboard: Overview of server status and statistics
- Cache Management: View and manage cached DNS records
- Diagnostic Tools: Test DNS queries directly from the web interface
The rules engine allows you to customize DNS resolution behavior:
- Direct IP Response: Return specific IP addresses for matching domains
- Domain Rewriting: Rewrite domain names based on patterns
- Custom Upstream: Use specific upstream servers for matching domains
- Compression Mutation: Bypass certain filtering mechanisms

```yaml
rules:
  - pattern: "^.*\\.example\\.com$"
    address: "93.184.216.34"
  - pattern: "^www\\.google\\.cn$"
    address: "www.google.com"
    nameserver: "8.8.8.8"
```

```yaml
server:
  performance:
    max_goroutines: 1000
    max_connections: 10000
    read_timeout: 5s
    write_timeout: 5s
    idle_timeout: 30s
```

```yaml
cache:
  memory:
    enabled: true
    max_size: 10000
    max_ttl: 3600
  persistent:
    enabled: true
    path: "./data/cache.db"
    fixed_ttl: 60
```

- Use strong passwords for the web interface
- Enable HTTPS for the web interface and DoH server
- Restrict access to the DNS server to trusted networks
- Regularly update the software to the latest version
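
Rule patterns deserve the same care as the items above: a pattern that is unanchored, or that leaves a dot unescaped, applies a Direct IP Response or Custom Upstream rule to more names than intended. The following Go program is an added example, not code from this project; `LintPattern`, `Matches` and `normalize` are hypothetical helpers, and it assumes patterns are Go `regexp` expressions matched against the lowercased query name without its trailing dot.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// bareDot finds a "." that is not escaped and is followed by a label character.
var bareDot = regexp.MustCompile(`(^|[^\\])\.[a-z0-9]`)

// normalize lowercases qname and drops the root dot (assumed, not documented).
func normalize(qname string) string {
	return strings.TrimSuffix(strings.ToLower(qname), ".")
}

// LintPattern lists reasons a rule pattern may match more names than intended.
func LintPattern(pattern string) []string {
	if _, err := regexp.Compile(pattern); err != nil {
		return []string{"does not compile: " + err.Error()}
	}
	var findings []string
	if !strings.HasPrefix(pattern, "^") {
		findings = append(findings, "missing ^ anchor")
	}
	if !strings.HasSuffix(pattern, "$") || strings.HasSuffix(pattern, `\$`) {
		findings = append(findings, "missing $ anchor")
	}
	if bareDot.MatchString(pattern) {
		findings = append(findings, "unescaped dot before a label")
	}
	return findings
}

// Matches reports whether a rule with this pattern would apply to qname.
func Matches(pattern, qname string) bool {
	return regexp.MustCompile(pattern).MatchString(normalize(qname))
}

func main() {
	// Constructed samples; the first pattern is the one from the rules example.
	names := []string{"www.example.com.", "example.com", "example.com.other.test"}
	for _, p := range []string{`^.*\.example\.com$`, `example\.com`, `^www.google.cn$`} {
		fmt.Printf("%-20s findings=%q\n", p, LintPattern(p))
		for _, q := range names {
			fmt.Printf("  %-24s matched=%v\n", q, Matches(p, q))
		}
	}
}
```

Note that the pattern from the rules example covers subdomains only; the bare `example.com` needs its own rule or an optional-prefix pattern.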

- Port already in use:
  - Check if another DNS server is running on port 53
  - Use a different port in the configuration
- No response from upstream servers:
  - Verify upstream server addresses and ports
  - Check network connectivity
  - Adjust timeout settings
- Web interface not accessible:
  - Verify DoH server is enabled
  - Check SSL certificate configuration
  - Ensure firewall allows access to the configured port

Logs are stored in the configured directory (default: ./logs/). You can also view logs in real-time:

```bash
tail -f ./logs/moeart-tiny-forwarder.log
```

Contributions are welcome! Please feel free to submit a Pull Request.
This project is licensed under the MIT License - see the LICENSE file for details.