-rw-r--r--doc/netwatch-dns.md9
-rw-r--r--netwatch-dns.rsc7
2 files changed, 15 insertions, 1 deletions
diff --git a/doc/netwatch-dns.md b/doc/netwatch-dns.md
index a208d00..70b766a 100644
--- a/doc/netwatch-dns.md
+++ b/doc/netwatch-dns.md
@@ -43,6 +43,15 @@ Giving a specific query url for DoH is possible:
Note that using a name in DoH url may introduce a chicken-and-egg issue!
+Adding a static DNS record has the same result for the url, but always
+resolves to the same address.
+
+ /ip/dns/static/add name="dns.nextdns.io" address=199.247.16.158;
+ /tool/netwatch/add comment="doh" host=199.247.16.158;
+
+Be aware that you have to keep the ip address in sync with real world
+manually!
+
Importing a certificate automatically is possible, at least if available in
the repository (see `certs` sub directory).
diff --git a/netwatch-dns.rsc b/netwatch-dns.rsc
index 3e3e27c..c5c8ed1 100644
--- a/netwatch-dns.rsc
+++ b/netwatch-dns.rsc
@@ -64,10 +64,15 @@ $ScriptLock $0;
:foreach Host in=[ /tool/netwatch/find where comment~"\\bdoh\\b" status="up" ] do={
:local HostVal [ /tool/netwatch/get $Host ];
:local HostInfo [ $ParseKeyValueStore ($HostVal->"comment") ];
+ :local HostName [ /ip/dns/static/find where name address=($HostVal->"host") \
+ (!type or type="A" or type="AAAA") !disabled !dynamic ];
+ :if ([ :len $HostName ] > 0) do={
+ :set HostName [ /ip/dns/static/get ($HostName->0) name ];
+ }
:if ($HostInfo->"doh" = true && $HostInfo->"disabled" != true && $DohServer = "") do={
:set DohServer [ $EitherOr ($HostInfo->"doh-url") \
- ("https://" . $HostVal->"host" . "/dns-query") ];
+ ("https://" . [ $EitherOr $HostName ($HostVal->"host") ] . "/dns-query") ];
:set DohCert ($HostInfo->"doh-cert");
}
}
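Review bot: `HostName` first holds the id array returned by `/ip/dns/static/find` and only becomes a string when a record matches, so with no match the URL line hands an empty array to `$EitherOr`, whose handling of that case is defined outside this hunk. Because this value becomes the host part of the DoH URL (and so presumably the name the server certificate is checked against), the fallback is better made explicit: keep the ids in a separate `:local HostRec [ ... ];`, initialise `:local HostName ($HostVal->"host");`, and overwrite it with `[ /ip/dns/static/get ($HostRec->0) name ]` only when `[ :len $HostRec ] > 0`. The `->0` also picks whichever record comes first when several static names share the address; a comment saying so, or a log line when more than one record matches, would help an operator who ends up with an unexpected DoH host name.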