Unbreaking the Internet and Converting Protocols
Published Apr 09, 2018
Version 1.0
One more VS that I didn't mention; here's the complete list (separated for clarity):
1.1.1.1:53 UDP -> To 1.0.0.1
1.1.1.1:80 HTTP -> To server
192.168.1.113:53 UDP -> DNS Cache (DNS over TLS)
192.168.1.114:53 UDP -> DNS Cache (DNS over HTTPS)
192.168.1.254:53 TCP -> DNS over TLS (just performing TLS upgrade)
192.168.1.254:53 UDP -> DNS over HTTPS (performing conversion from UDP to HTTPS requests)
192.168.1.253:80 TCP -> HTTP to HTTPS (validate HTTPS server certificate, upgrade from HTTP to HTTPS)
In the article I only reference a single DNS cache, but the above example assumes that you use two separate caches (one configured for only client-side UDP and the other only for client-side TCP).
In my article, the corresponding pools are:
1.1.1.1:53 UDP -> pool: 1.0.0.1
1.1.1.1:80 HTTP -> pool: 192.168.1.66
192.168.1.113:53 UDP -> DNS cache forward . -> 192.168.1.254:53 TCP
192.168.1.114:53 UDP -> DNS cache forward . -> 192.168.1.254:53 UDP
192.168.1.254:53 TCP -> 1.0.0.1:853 (w/ serverssl profile)
192.168.1.254:53 UDP -> iRule + iRuleLX that calls 192.168.1.253:80
192.168.1.253:80 TCP -> FQDN pool to cloudflare-dns.com
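The UDP-to-DoH conversion done by the 192.168.1.254:53 UDP virtual server, as an added illustration in Python rather than the iRule/iRuleLX from the article: a wire-format DNS query from a UDP client is wrapped into an RFC 8484 GET or POST request, and the resolver's reply is checked before being relayed back. The resolver path /dns-query on cloudflare-dns.com and the sample query are assumptions; it runs offline on a constructed query/response pair.

```python
# Added example (not the article's own iRule code): model of the UDP -> DoH
# conversion step. The DoH URL path is the RFC 8484 default, assumed here;
# only the host name comes from the article.
import base64
import struct
from urllib.parse import parse_qs, urlparse

DOH_URL = "https://cloudflare-dns.com/dns-query"  # assumption: RFC 8484 default path

def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Build a minimal wire-format DNS query: RD set, one question (A by default)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def to_doh_get(wire: bytes) -> str:
    """RFC 8484 GET form: base64url of the message, padding stripped, in 'dns='."""
    dns = base64.urlsafe_b64encode(wire).rstrip(b"=").decode()
    return f"{DOH_URL}?dns={dns}"

def from_doh_get(url: str) -> bytes:
    """Reverse of to_doh_get: recover the wire-format query from the URL."""
    param = parse_qs(urlparse(url).query)["dns"][0]
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))

def to_doh_post(wire: bytes) -> dict:
    """RFC 8484 POST form: raw message as body with the dns-message media type."""
    return {"method": "POST", "url": DOH_URL,
            "headers": {"content-type": "application/dns-message",
                        "accept": "application/dns-message"},
            "body": wire}

def check_response(query: bytes, content_type: str, body: bytes) -> bytes:
    """Validate the DoH reply before relaying it to the UDP client: media type,
    minimum length, matching transaction ID and QR bit set. Returns the answer."""
    if content_type != "application/dns-message":
        raise ValueError("unexpected content type: %s" % content_type)
    if len(body) < 12:
        raise ValueError("truncated DNS message")
    if body[:2] != query[:2]:
        raise ValueError("transaction ID mismatch")
    if not body[2] & 0x80:
        raise ValueError("QR bit not set; not a response")
    return body
```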