added DNS over TLS

config.yml

@@ -22,6 +22,12 @@ forward:
 
 address: 0.0.0.0:8053
 
+tls:
+  enable: true
+  address: 0.0.0.0:8853
+  cert: cert.crt
+  key: private.key
+
 blacklist:
   - url: https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
     format: host

coolDns.go

@@ -29,6 +29,7 @@ type config struct {
 	Forward   configForward     `yaml:"forward"`
 	Address   string            `yaml:"address"`
 	Blacklist []configBlacklist `yaml:"blacklist"`
+	TLS       configTLS         `yaml:"tls"`
 }
 
 type configForward struct {
@@ -52,6 +53,13 @@ type configBlacklist struct {
 	Format string `yaml:"format"`
 }
 
+type configTLS struct {
+	Enable  bool   `yaml:"enable"`
+	Address string `yaml:"address"`
+	Cert    string `yaml:"cert"`
+	Key     string `yaml:"key"`
+}
+
 var anyRecordTypes = []uint16{
 	dns.TypeSOA,
 	dns.TypeA,
@@ -236,6 +244,14 @@ func listenAndServer(server *dns.ServeMux, address string) {
 	}()
 }
 
+func listenAndServerTLS(server *dns.ServeMux, address, cert, key string) {
+	go func() {
+		if err := dns.ListenAndServeTLS(address, cert, key, server); err != nil {
+			log.Fatalf("Failed to set DoT listener %s", err.Error())
+		}
+	}()
+}
+
 func checkACL(alcRules []string, aclList map[string]*net.IPNet, ip net.IP) bool {
 	if len(alcRules) != 0 {
 		passed := false
@@ -354,6 +370,12 @@ func main() {
 
 	listenAndServer(server, config.Address)
 
+	if config.TLS.Enable {
+		listenAndServerTLS(server, config.TLS.Address, config.TLS.Cert, config.TLS.Key)
+
+		log.Printf("Start listening on tcp %s for tls", config.TLS.Address)
+	}
+
 	log.Printf("Start listening on udp %s and tcp %s\n", config.Address, config.Address)
 
 	sig := make(chan os.Signal)