From cb499db3797f979d885542ef752beb084a7086c0 Mon Sep 17 00:00:00 2001
From: Vladislav Yarmak
Date: Thu, 8 Jan 2026 22:53:27 +0200
Subject: [PATCH] use custom CA pool for DoH

---
 resolver/factory.go | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/resolver/factory.go b/resolver/factory.go
index 7a6c2c5..8b5f7a3 100644
--- a/resolver/factory.go
+++ b/resolver/factory.go
@@ -5,8 +5,10 @@ import (
  "crypto/x509"
  "errors"
  "net"
+ "net/http"
  "net/url"
  "strings"
+ "time"
 
  "github.com/ncruces/go-dns"
 )
@@ -50,7 +52,18 @@ begin:
  parsed.Scheme = "https"
  u = parsed.String()
  }
- return dns.NewDoHResolver(u, dns.DoHAddresses(net.JoinHostPort(host, port)))
+ return dns.NewDoHResolver(u,
+ dns.DoHAddresses(net.JoinHostPort(host, port)),
+ dns.DoHTransport(&http.Transport{
+ MaxIdleConns: http.DefaultMaxIdleConnsPerHost,
+ IdleConnTimeout: 90 * time.Second,
+ TLSHandshakeTimeout: 10 * time.Second,
+ ForceAttemptHTTP2: true,
+ TLSClientConfig: &tls.Config{
+ RootCAs: caPool,
+ },
+ }),
+ )
  case "tls", "dot":
  if port == "" {
  port = "853"
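Review bot: The hand-built `http.Transport` in the second hunk has no `DialContext`, so it drops the 30s dial and keep-alive timeouts that `http.DefaultTransport` sets, and a DoH upstream that accepts the TCP connection but never answers is bounded only by the caller's context; it also sets `MaxIdleConns` to `http.DefaultMaxIdleConnsPerHost` (a per-host value, 2), which looks like a mix-up with `MaxIdleConnsPerHost`. Cloning the default transport keeps those timeouts and the proxy handling while still swapping in the pool: `tr := http.DefaultTransport.(*http.Transport).Clone()`, `tr.TLSClientConfig = &tls.Config{RootCAs: caPool}`, `dns.DoHTransport(tr)`. `tls.Config` needs `crypto/tls` in scope, and the import hunk adds only `net/http` and `time`, so this compiles only if `crypto/tls` is already imported above line 5 of the file. A nil `caPool` makes Go fall back to the host's root CA set rather than rejecting every certificate, which deserves a comment on the `RootCAs` line such as `// nil caPool: the host's trust store is used` if that fallback is intended. The enclosing function starts before the hunk (at or above the `begin:` label) and continues past it.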