use custom CA pool for DoH

2026-05-13 14:11:00 +00:00 · 2026-01-08 22:53:27 +02:00
parent bef4ab7784
commit cb499db379
1 changed files with 14 additions and 1 deletions
@@ -5,8 +5,10 @@ import (
 	"crypto/x509"
 	"errors"
 	"net"
+	"net/http"
 	"net/url"
 	"strings"
+	"time"

 	"github.com/ncruces/go-dns"
 )
@@ -50,7 +52,18 @@ begin:
 			parsed.Scheme = "https"
 			u = parsed.String()
 		}
-		return dns.NewDoHResolver(u, dns.DoHAddresses(net.JoinHostPort(host, port)))
+		return dns.NewDoHResolver(u,
+			dns.DoHAddresses(net.JoinHostPort(host, port)),
+			dns.DoHTransport(&http.Transport{
+				MaxIdleConns:        http.DefaultMaxIdleConnsPerHost,
+				IdleConnTimeout:     90 * time.Second,
+				TLSHandshakeTimeout: 10 * time.Second,
+				ForceAttemptHTTP2:   true,
+				TLSClientConfig: &tls.Config{
+					RootCAs: caPool,
+				},
+			}),
+		)
 	case "tls", "dot":
 		if port == "" {
 			port = "853"