DNSoverTLS

A class that manages a connection to a DNS-over-TLS server. The first time `lookup` is called, a connection will be created. If that connection is timed out by the server, a new connection will be created as needed. If you want to do certificate pinning, set the `hash` option to the hex-encoded hash of the DER-encoded certificate that the server will offer, and set `hashAlg` to the algorithm used to compute that hash.

Constructor

new DNSoverTLS(opts)

Construct a new DNSoverTLS.
Parameters:

| Name | Type | Description |
| --- | --- | --- |
| opts | object | Options. |

Properties of `opts`:

| Name | Type | Attributes | Default | Description |
| --- | --- | --- | --- | --- |
| host | string | <optional> | '1.1.1.1' | Server to connect to. |
| port | number | <optional> | 853 | TCP port number for server. |
| hash | string | <optional> | | Hex-encoded hash of the DER-encoded cert expected from the server. If not specified, no pinning checks are performed. |
| hashAlg | string | <optional> | 'sha256' | Hash algorithm for cert pinning. |
| rejectUnauthorized | boolean | <optional> | true | Should the server certificate even be checked using the normal TLS approach? |
| verbose | number | <optional> | 0 | How verbose do you want your logging? |
| verboseStream | Writable | <optional> | process.stderr | Where to write verbose output. |
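
The following added example (not part of this library's code or documentation) shows one way to compute and check a value for the `hash` option with Node's `crypto` module. The helper names `pemToDer`, `pinFromDer`, `normalizePin` and `pinMatches` are hypothetical, and the sample bytes are a constructed stand-in, not a real certificate.

```javascript
'use strict';
const crypto = require('node:crypto');

// Hypothetical helper: strip the PEM armor and base64-decode to DER bytes.
function pemToDer(pem) {
  const m = /-----BEGIN CERTIFICATE-----([\s\S]+?)-----END CERTIFICATE-----/.exec(pem);
  if (!m) throw new Error('No CERTIFICATE block found');
  return Buffer.from(m[1].replace(/\s+/g, ''), 'base64');
}

// Hex digest over the DER bytes: the kind of value the `hash` option describes.
function pinFromDer(der, hashAlg = 'sha256') {
  if (!Buffer.isBuffer(der)) throw new TypeError('der must be a Buffer');
  return crypto.createHash(hashAlg).update(der).digest('hex');
}

// Accept colon-separated fingerprints ("AB:CD:...") as well as plain hex,
// and return lowercase hex with no separators, as digest('hex') produces.
function normalizePin(pin) {
  const hex = pin.replace(/[:\s]/g, '').toLowerCase();
  if (!/^(?:[0-9a-f]{2})+$/.test(hex)) throw new Error('Pin is not hex');
  return hex;
}

// Compare the certificate a server presented against the configured pin.
function pinMatches(der, expectedPin, hashAlg = 'sha256') {
  const actual = Buffer.from(pinFromDer(der, hashAlg), 'hex');
  const expected = Buffer.from(normalizePin(expectedPin), 'hex');
  // timingSafeEqual throws on unequal lengths, so check length first
  // (a length mismatch usually means the pin was made with another hashAlg).
  return actual.length === expected.length &&
    crypto.timingSafeEqual(actual, expected);
}

// Constructed stand-in bytes, NOT a real certificate: hashing does not parse.
const sampleDer = Buffer.from('abc');
const samplePem = '-----BEGIN CERTIFICATE-----\n' +
  sampleDer.toString('base64') + '\n-----END CERTIFICATE-----\n';

// Options in the shape the constructor table above documents.
const opts = {
  host: '1.1.1.1',
  port: 853,
  hash: pinFromDer(pemToDer(samplePem)),
  hashAlg: 'sha256',
};
```

Because the pin covers the whole DER-encoded certificate, it has to be recomputed whenever the server's certificate is reissued.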

Members

bufs :Array.<Buffer>

Type:
  • Array.<Buffer>

nof :NoFilter

Type:
  • NoFilter

pending :Object.<number, Pending>

Type:
  • Object.<number, Pending>

socket :tls.TLSSocket

Type:
  • tls.TLSSocket

Methods

(static) hashCert(cert, [hashAlg]) → {string}

Hash a certificate using the given algorithm.
Parameters:

| Name | Type | Attributes | Default | Description |
| --- | --- | --- | --- | --- |
| cert | Buffer \| crypto.X509Certificate | | | The cert to hash. |
| hashAlg | string | <optional> | "sha256" | The hash algorithm to use. |

Throws:
Unknown certificate type.
Type: Error

Returns:
Type: string
Hex string.

close() → {Promise.<void>}

Close the socket.
Returns:
Type: Promise.<void>
Resolved on socket close.

(async) lookup(name, [opts]) → {Promise.<(Buffer|object)>}

Look up a name in the DNS, over TLS.
Parameters:

| Name | Type | Attributes | Default | Description |
| --- | --- | --- | --- | --- |
| name | DOT_LookupOptions \| string | | | The DNS name to look up, or opts if this is an object. |
| opts | DOT_LookupOptions \| string | <optional> | {} | Options for the request. If a string is given, it will be used as the rrtype. |

Returns:
Type: Promise.<(Buffer|object)>
Response.

Events

certificate

Fired on connection when the server sends a certificate.
Properties:

| Name | Type | Description |
| --- | --- | --- |
| cert | crypto.Certificate | A crypto.Certificate from the server. |
| host | string | The hostname the client thinks it is connecting to. |
| hash | string | The hash computed over the cert. |

connect

Fired right before connection is attempted.
Properties:

| Name | Type | Description |
| --- | --- | --- |
| cert | object | lookup options. |

disconnect

Server disconnected. All pending requests will have failed.

receive

A buffer of data has been received from the server. Useful for verbose logging, e.g.

send

A buffer of data has been sent to the server. Useful for verbose logging, e.g.