github
diff --git a/‎containers/agent/entrypoint.sh‎
Lines changed: 37 additions & 23 deletions b/‎containers/agent/entrypoint.sh‎
Lines changed: 37 additions & 23 deletions
diff --git a/‎containers/agent/setup-iptables.sh‎
Lines changed: 78 additions & 51 deletions b/‎containers/agent/setup-iptables.sh‎
Lines changed: 78 additions & 51 deletions
diff --git a/‎src/cli-workflow.ts‎
Lines changed: 4 additions & 2 deletions b/‎src/cli-workflow.ts‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎src/cli.test.ts‎
Lines changed: 27 additions & 1 deletion b/‎src/cli.test.ts‎
Lines changed: 27 additions & 1 deletion
diff --git a/‎src/cli.ts‎
Lines changed: 36 additions & 0 deletions b/‎src/cli.ts‎
Lines changed: 36 additions & 0 deletions
@@ -73,29 +73,43 @@ if [ -f /etc/resolv.conf ]; then
   # Backup original resolv.conf
   cp /etc/resolv.conf /etc/resolv.conf.orig
 
-  # Get DNS servers from environment (default to Google DNS)
-  DNS_SERVERS="${AWF_DNS_SERVERS:-8.8.8.8,8.8.4.4}"
-
-  # Create new resolv.conf with Docker embedded DNS first, then trusted external DNS servers
-  {
-    echo "# Generated by awf entrypoint"
-    echo "# Docker embedded DNS for service name resolution (squid-proxy, etc.)"
-    echo "nameserver 127.0.0.11"
-    echo "# Trusted external DNS servers for internet domain resolution"
-
-    # Add each trusted DNS server
-    IFS=',' read -ra DNS_ARRAY <<< "$DNS_SERVERS"
-    for dns_server in "${DNS_ARRAY[@]}"; do
-      dns_server=$(echo "$dns_server" | tr -d ' ')
-      if [ -n "$dns_server" ]; then
-        echo "nameserver $dns_server"
-      fi
-    done
-
-    echo "options ndots:0"
-  } > /etc/resolv.conf
-
-  echo "[entrypoint] DNS configured with Docker embedded DNS (127.0.0.11) and trusted servers: $DNS_SERVERS"
+  if [ "$AWF_DOH_ENABLED" = "true" ] && [ -n "$AWF_DOH_PROXY_IP" ]; then
+    # DNS-over-HTTPS mode: use DoH proxy as the DNS resolver
+    {
+      echo "# Generated by awf entrypoint (DNS-over-HTTPS mode)"
+      echo "# Docker embedded DNS for service name resolution (squid-proxy, etc.)"
+      echo "nameserver 127.0.0.11"
+      echo "# DNS-over-HTTPS proxy for encrypted internet domain resolution"
+      echo "nameserver $AWF_DOH_PROXY_IP"
+      echo "options ndots:0"
+    } > /etc/resolv.conf
+    echo "[entrypoint] DNS configured with Docker embedded DNS (127.0.0.11) and DoH proxy ($AWF_DOH_PROXY_IP)"
+  else
+    # Traditional DNS mode: use configured DNS servers
+    # Get DNS servers from environment (default to Google DNS)
+    DNS_SERVERS="${AWF_DNS_SERVERS:-8.8.8.8,8.8.4.4}"
+
+    # Create new resolv.conf with Docker embedded DNS first, then trusted external DNS servers
+    {
+      echo "# Generated by awf entrypoint"
+      echo "# Docker embedded DNS for service name resolution (squid-proxy, etc.)"
+      echo "nameserver 127.0.0.11"
+      echo "# Trusted external DNS servers for internet domain resolution"
+
+      # Add each trusted DNS server
+      IFS=',' read -ra DNS_ARRAY <<< "$DNS_SERVERS"
+      for dns_server in "${DNS_ARRAY[@]}"; do
+        dns_server=$(echo "$dns_server" | tr -d ' ')
+        if [ -n "$dns_server" ]; then
+          echo "nameserver $dns_server"
+        fi
+      done
+
+      echo "options ndots:0"
+    } > /etc/resolv.conf
+
+    echo "[entrypoint] DNS configured with Docker embedded DNS (127.0.0.11) and trusted servers: $DNS_SERVERS"
+  fi
 fi
 
 # Update CA certificates if SSL Bump is enabled
 
@@ -81,60 +81,82 @@ fi
 
 # Get DNS servers from environment (default to Google DNS)
 DNS_SERVERS="${AWF_DNS_SERVERS:-8.8.8.8,8.8.4.4}"
-echo "[iptables] Configuring DNS rules for trusted servers: $DNS_SERVERS"
-
-# Separate IPv4 and IPv6 DNS servers
-IPV4_DNS_SERVERS=()
-IPV6_DNS_SERVERS=()
-IFS=',' read -ra DNS_ARRAY <<< "$DNS_SERVERS"
-for dns_server in "${DNS_ARRAY[@]}"; do
-  dns_server=$(echo "$dns_server" | tr -d ' ')
-  if [ -n "$dns_server" ]; then
-    if is_ipv6 "$dns_server"; then
-      IPV6_DNS_SERVERS+=("$dns_server")
-    else
-      IPV4_DNS_SERVERS+=("$dns_server")
-    fi
-  fi
-done
 
-echo "[iptables]   IPv4 DNS servers: ${IPV4_DNS_SERVERS[*]:-none}"
-echo "[iptables]   IPv6 DNS servers: ${IPV6_DNS_SERVERS[*]:-none}"
+# Check if DNS-over-HTTPS mode is enabled
+if [ "$AWF_DOH_ENABLED" = "true" ] && [ -n "$AWF_DOH_PROXY_IP" ]; then
+  echo "[iptables] DNS-over-HTTPS mode: routing DNS through DoH proxy at $AWF_DOH_PROXY_IP"
 
-# Allow DNS queries ONLY to trusted IPv4 DNS servers (prevents DNS exfiltration)
-for dns_server in "${IPV4_DNS_SERVERS[@]}"; do
-  echo "[iptables] Allow DNS to trusted IPv4 server: $dns_server"
-  iptables -t nat -A OUTPUT -p udp -d "$dns_server" --dport 53 -j RETURN
-  iptables -t nat -A OUTPUT -p tcp -d "$dns_server" --dport 53 -j RETURN
-done
+  # Allow DNS to DoH proxy
+  iptables -t nat -A OUTPUT -p udp -d "$AWF_DOH_PROXY_IP" --dport 53 -j RETURN
+  iptables -t nat -A OUTPUT -p tcp -d "$AWF_DOH_PROXY_IP" --dport 53 -j RETURN
 
-# Allow DNS queries ONLY to trusted IPv6 DNS servers
-if [ "$IP6TABLES_AVAILABLE" = true ]; then
-  for dns_server in "${IPV6_DNS_SERVERS[@]}"; do
-    echo "[iptables] Allow DNS to trusted IPv6 server: $dns_server"
-    ip6tables -t nat -A OUTPUT -p udp -d "$dns_server" --dport 53 -j RETURN
-    ip6tables -t nat -A OUTPUT -p tcp -d "$dns_server" --dport 53 -j RETURN
+  # Allow DNS to Docker's embedded DNS server (127.0.0.11) for container name resolution
+  echo "[iptables] Allow DNS to Docker embedded DNS (127.0.0.11)..."
+  iptables -t nat -A OUTPUT -p udp -d 127.0.0.11 --dport 53 -j RETURN
+  iptables -t nat -A OUTPUT -p tcp -d 127.0.0.11 --dport 53 -j RETURN
+
+  # Allow return traffic to DoH proxy
+  iptables -t nat -A OUTPUT -d "$AWF_DOH_PROXY_IP" -j RETURN
+
+  # Set variables for OUTPUT filter chain (used later)
+  IPV4_DNS_SERVERS=()
+  IPV6_DNS_SERVERS=()
+else
+  echo "[iptables] Configuring DNS rules for trusted servers: $DNS_SERVERS"
+
+  # Separate IPv4 and IPv6 DNS servers
+  IPV4_DNS_SERVERS=()
+  IPV6_DNS_SERVERS=()
+  IFS=',' read -ra DNS_ARRAY <<< "$DNS_SERVERS"
+  for dns_server in "${DNS_ARRAY[@]}"; do
+    dns_server=$(echo "$dns_server" | tr -d ' ')
+    if [ -n "$dns_server" ]; then
+      if is_ipv6 "$dns_server"; then
+        IPV6_DNS_SERVERS+=("$dns_server")
+      else
+        IPV4_DNS_SERVERS+=("$dns_server")
+      fi
+    fi
   done
-elif [ ${#IPV6_DNS_SERVERS[@]} -gt 0 ]; then
-  echo "[iptables] WARNING: IPv6 DNS servers configured but ip6tables not available"
-fi
 
-# Allow DNS to Docker's embedded DNS server (127.0.0.11) for container name resolution
-echo "[iptables] Allow DNS to Docker embedded DNS (127.0.0.11)..."
-iptables -t nat -A OUTPUT -p udp -d 127.0.0.11 --dport 53 -j RETURN
-iptables -t nat -A OUTPUT -p tcp -d 127.0.0.11 --dport 53 -j RETURN
+  echo "[iptables]   IPv4 DNS servers: ${IPV4_DNS_SERVERS[*]:-none}"
+  echo "[iptables]   IPv6 DNS servers: ${IPV6_DNS_SERVERS[*]:-none}"
 
-# Allow return traffic to trusted IPv4 DNS servers
-echo "[iptables] Allow traffic to trusted DNS servers..."
-for dns_server in "${IPV4_DNS_SERVERS[@]}"; do
-  iptables -t nat -A OUTPUT -d "$dns_server" -j RETURN
-done
+  # Allow DNS queries ONLY to trusted IPv4 DNS servers (prevents DNS exfiltration)
+  for dns_server in "${IPV4_DNS_SERVERS[@]}"; do
+    echo "[iptables] Allow DNS to trusted IPv4 server: $dns_server"
+    iptables -t nat -A OUTPUT -p udp -d "$dns_server" --dport 53 -j RETURN
+    iptables -t nat -A OUTPUT -p tcp -d "$dns_server" --dport 53 -j RETURN
+  done
 
-# Allow return traffic to trusted IPv6 DNS servers
-if [ "$IP6TABLES_AVAILABLE" = true ]; then
-  for dns_server in "${IPV6_DNS_SERVERS[@]}"; do
-    ip6tables -t nat -A OUTPUT -d "$dns_server" -j RETURN
+  # Allow DNS queries ONLY to trusted IPv6 DNS servers
+  if [ "$IP6TABLES_AVAILABLE" = true ]; then
+    for dns_server in "${IPV6_DNS_SERVERS[@]}"; do
+      echo "[iptables] Allow DNS to trusted IPv6 server: $dns_server"
+      ip6tables -t nat -A OUTPUT -p udp -d "$dns_server" --dport 53 -j RETURN
+      ip6tables -t nat -A OUTPUT -p tcp -d "$dns_server" --dport 53 -j RETURN
+    done
+  elif [ ${#IPV6_DNS_SERVERS[@]} -gt 0 ]; then
+    echo "[iptables] WARNING: IPv6 DNS servers configured but ip6tables not available"
+  fi
+
+  # Allow DNS to Docker's embedded DNS server (127.0.0.11) for container name resolution
+  echo "[iptables] Allow DNS to Docker embedded DNS (127.0.0.11)..."
+  iptables -t nat -A OUTPUT -p udp -d 127.0.0.11 --dport 53 -j RETURN
+  iptables -t nat -A OUTPUT -p tcp -d 127.0.0.11 --dport 53 -j RETURN
+
+  # Allow return traffic to trusted IPv4 DNS servers
+  echo "[iptables] Allow traffic to trusted DNS servers..."
+  for dns_server in "${IPV4_DNS_SERVERS[@]}"; do
+    iptables -t nat -A OUTPUT -d "$dns_server" -j RETURN
   done
+
+  # Allow return traffic to trusted IPv6 DNS servers
+  if [ "$IP6TABLES_AVAILABLE" = true ]; then
+    for dns_server in "${IPV6_DNS_SERVERS[@]}"; do
+      ip6tables -t nat -A OUTPUT -d "$dns_server" -j RETURN
+    done
+  fi
 fi
 
 # Allow traffic to Squid proxy itself (prevent redirect loop)
@@ -271,11 +293,16 @@ echo "[iptables] Configuring OUTPUT filter chain rules..."
 # Allow localhost traffic
 iptables -A OUTPUT -o lo -j ACCEPT
 
-# Allow DNS queries to trusted servers
-for dns_server in "${IPV4_DNS_SERVERS[@]}"; do
-  iptables -A OUTPUT -p udp -d "$dns_server" --dport 53 -j ACCEPT
-  iptables -A OUTPUT -p tcp -d "$dns_server" --dport 53 -j ACCEPT
-done
+# Allow DNS queries to trusted servers (or DoH proxy)
+if [ "$AWF_DOH_ENABLED" = "true" ] && [ -n "$AWF_DOH_PROXY_IP" ]; then
+  iptables -A OUTPUT -p udp -d "$AWF_DOH_PROXY_IP" --dport 53 -j ACCEPT
+  iptables -A OUTPUT -p tcp -d "$AWF_DOH_PROXY_IP" --dport 53 -j ACCEPT
+else
+  for dns_server in "${IPV4_DNS_SERVERS[@]}"; do
+    iptables -A OUTPUT -p udp -d "$dns_server" --dport 53 -j ACCEPT
+    iptables -A OUTPUT -p tcp -d "$dns_server" --dport 53 -j ACCEPT
+  done
+fi
 
 # Allow DNS to Docker's embedded DNS server
 iptables -A OUTPUT -p udp -d 127.0.0.11 --dport 53 -j ACCEPT
 
@@ -2,7 +2,7 @@ import { WrapperConfig } from './types';
 
 export interface WorkflowDependencies {
   ensureFirewallNetwork: () => Promise<{ squidIp: string; agentIp: string; proxyIp: string; subnet: string }>;
-  setupHostIptables: (squidIp: string, port: number, dnsServers: string[], apiProxyIp?: string) => Promise<void>;
+  setupHostIptables: (squidIp: string, port: number, dnsServers: string[], apiProxyIp?: string, dohProxyIp?: string) => Promise<void>;
   writeConfigs: (config: WrapperConfig) => Promise<void>;
   startContainers: (workDir: string, allowedDomains: string[], proxyLogsDir?: string, skipPull?: boolean) => Promise<void>;
   runAgentCommand: (
@@ -47,7 +47,9 @@ export async function runMainWorkflow(
   // When API proxy is enabled, allow agent→sidecar traffic at the host level.
   // The sidecar itself routes through Squid, so domain whitelisting is still enforced.
   const apiProxyIp = config.enableApiProxy ? networkConfig.proxyIp : undefined;
-  await dependencies.setupHostIptables(networkConfig.squidIp, 3128, dnsServers, apiProxyIp);
+  // When DoH is enabled, the DoH proxy needs direct HTTPS access to the resolver
+  const dohProxyIp = config.dnsOverHttps ? '172.30.0.40' : undefined;
+  await dependencies.setupHostIptables(networkConfig.squidIp, 3128, dnsServers, apiProxyIp, dohProxyIp);
   onHostIptablesSetup?.();
 
   // Step 1: Write configuration files
 
@@ -1,5 +1,5 @@
 import { Command } from 'commander';
-import { parseEnvironmentVariables, parseDomains, parseDomainsFile, escapeShellArg, joinShellArgs, parseVolumeMounts, isValidIPv4, isValidIPv6, parseDnsServers, validateAgentImage, isAgentImagePreset, AGENT_IMAGE_PRESETS, processAgentImageOption, processLocalhostKeyword, validateSkipPullWithBuildLocal, validateAllowHostPorts, parseMemoryLimit, validateFormat, validateApiProxyConfig, buildRateLimitConfig, validateRateLimitFlags, hasRateLimitOptions, collectRulesetFile, validateApiTargetInAllowedDomains, DEFAULT_OPENAI_API_TARGET, DEFAULT_ANTHROPIC_API_TARGET, DEFAULT_COPILOT_API_TARGET, emitApiProxyTargetWarnings, formatItem, program, parseAgentTimeout, applyAgentTimeout, handlePredownloadAction } from './cli';
+import { parseEnvironmentVariables, parseDomains, parseDomainsFile, escapeShellArg, joinShellArgs, parseVolumeMounts, isValidIPv4, isValidIPv6, parseDnsServers, parseDnsOverHttps, validateAgentImage, isAgentImagePreset, AGENT_IMAGE_PRESETS, processAgentImageOption, processLocalhostKeyword, validateSkipPullWithBuildLocal, validateAllowHostPorts, parseMemoryLimit, validateFormat, validateApiProxyConfig, buildRateLimitConfig, validateRateLimitFlags, hasRateLimitOptions, collectRulesetFile, validateApiTargetInAllowedDomains, DEFAULT_OPENAI_API_TARGET, DEFAULT_ANTHROPIC_API_TARGET, DEFAULT_COPILOT_API_TARGET, emitApiProxyTargetWarnings, formatItem, program, parseAgentTimeout, applyAgentTimeout, handlePredownloadAction } from './cli';
 import { redactSecrets } from './redact-secrets';
 import * as fs from 'fs';
 import * as path from 'path';
@@ -782,6 +782,32 @@ describe('cli', () => {
     });
   });
 
+  describe('parseDnsOverHttps', () => {
+    it('should return undefined when value is undefined', () => {
+      expect(parseDnsOverHttps(undefined)).toBeUndefined();
+    });
+
+    it('should return default Google resolver when value is true (flag without argument)', () => {
+      const result = parseDnsOverHttps(true);
+      expect(result).toEqual({ url: 'https://dns.google/dns-query' });
+    });
+
+    it('should return custom resolver URL when provided', () => {
+      const result = parseDnsOverHttps('https://cloudflare-dns.com/dns-query');
+      expect(result).toEqual({ url: 'https://cloudflare-dns.com/dns-query' });
+    });
+
+    it('should return error for non-https URL', () => {
+      const result = parseDnsOverHttps('http://dns.google/dns-query');
+      expect(result).toEqual({ error: '--dns-over-https resolver URL must start with https://' });
+    });
+
+    it('should return error for plain string without https prefix', () => {
+      const result = parseDnsOverHttps('dns.google');
+      expect(result).toEqual({ error: '--dns-over-https resolver URL must start with https://' });
+    });
+  });
+
   describe('DEFAULT_DNS_SERVERS', () => {
     it('should have correct default DNS servers', async () => {
       // Dynamic import to get the constant
 
@@ -587,6 +587,26 @@ export function parseDnsServers(input: string): string[] {
   return servers;
 }
 
+const DEFAULT_DOH_RESOLVER = 'https://dns.google/dns-query';
+
+/**
+ * Parses and validates the --dns-over-https option value.
+ * Commander sets the value to `true` when the flag is used without an argument.
+ * Returns the resolved URL, or an error string.
+ */
+export function parseDnsOverHttps(
+  value: boolean | string | undefined
+): { url: string } | { error: string } | undefined {
+  if (value === undefined) {
+    return undefined;
+  }
+  const resolvedUrl: string = value === true ? DEFAULT_DOH_RESOLVER : String(value);
+  if (!resolvedUrl.startsWith('https://')) {
+    return { error: '--dns-over-https resolver URL must start with https://' };
+  }
+  return { url: resolvedUrl };
+}
+
 /**
  * Result of processing the localhost keyword in allowed domains
  */
@@ -1020,6 +1040,10 @@ program
     'Comma-separated trusted DNS servers',
     '8.8.8.8,8.8.4.4'
   )
+  .option(
+    '--dns-over-https [resolver-url]',
+    'Enable DNS-over-HTTPS via sidecar proxy (default: https://dns.google/dns-query)'
+  )
   .option(
     '--enable-host-access',
     'Enable access to host services via host.docker.internal',
@@ -1287,6 +1311,17 @@ program
       process.exit(1);
     }
 
+    // Parse and validate --dns-over-https
+    let dnsOverHttps: string | undefined;
+    const dohResult = parseDnsOverHttps(options.dnsOverHttps);
+    if (dohResult && 'error' in dohResult) {
+      logger.error(dohResult.error);
+      process.exit(1);
+    } else if (dohResult) {
+      dnsOverHttps = dohResult.url;
+      logger.info(`DNS-over-HTTPS enabled: ${dnsOverHttps}`);
+    }
+
     // Parse --allow-urls for SSL Bump mode
     let allowedUrls: string[] | undefined;
     if (options.allowUrls) {
@@ -1381,6 +1416,7 @@ program
       volumeMounts,
       containerWorkDir: options.containerWorkdir,
       dnsServers,
+      dnsOverHttps,
       memoryLimit: memoryLimit.value,
       proxyLogsDir: options.proxyLogsDir,
       enableHostAccess: options.enableHostAccess,