1 files changed, 33 insertions, 7 deletions

diff --git a/internal/server/server.go b/internal/server/server.go
index a90e5ac..74add95 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -2,6 +2,7 @@ package server
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
 	"log/slog"
 	"net"
@@ -30,12 +31,13 @@ type Server struct {
 	admin       *Admin
 	aclNets     []*net.IPNet
 	rateLimiter *rateLimiter
+	dot         *dns.Server
 
-	mu    sync.RWMutex
-	upUDP bool
-	upTCP bool
-	upDoH bool
-
+	mu     sync.RWMutex
+	upUDP  bool
+	upTCP  bool
+	upDoH  bool
+	upDoT  bool
 	cancel context.CancelFunc
 }
 
@@ -45,10 +47,12 @@ func (s *Server) Ready() bool {
 	wantUDP := s.cfg.ListenUDP != ""
 	wantTCP := s.cfg.ListenTCP != ""
 	wantDoH := s.cfg.ListenDOH != ""
-	return (!wantUDP || s.upUDP) && (!wantTCP || s.upTCP) && (!wantDoH || s.upDoH)
+	wantDoT := s.cfg.ListenDoT != ""
+	return (!wantUDP || s.upUDP) && (!wantTCP || s.upTCP) && (!wantDoH || s.upDoH) &&
+		(!wantDoT || s.upDoT)
 
 }
-func New(udpAddr, tcpAddr, dohAddr string, logger *slog.Logger, r *resolver.Resolver, c *cache.Cache, bl *blocklist.Blocklist, cfg config.Config) (*Server, error) {
+func New(udpAddr, tcpAddr, dohAddr, dotAddr string, tlsCfg *tls.Config, logger *slog.Logger, r *resolver.Resolver, c *cache.Cache, bl *blocklist.Blocklist, cfg config.Config) (*Server, error) {
 	baseCtx, cancel := context.WithCancel(context.Background())
 	s := &Server{
 		logger:      logger,
@@ -94,6 +98,16 @@ func New(udpAddr, tcpAddr, dohAddr string, logger *slog.Logger, r *resolver.Reso
 		}
 	}
 
+	if dotAddr != "" && tlsCfg != nil {
+
+		s.dot = &dns.Server{
+			Addr:        dotAddr,
+			Net:         "tcp",
+			Handler:     mux,
+			TLSConfig:   tlsCfg,
+			ReadTimeout: 5 * time.Second,
+		}
+	}
 	if dohAddr != "" {
 		dohMux := http.NewServeMux()
 		dohMux.HandleFunc("/dns-query", s.dohHandler)
@@ -122,6 +136,9 @@ func (s *Server) Run(ctx context.Context) error {
 	if s.doh != nil {
 		s.upDoH = true
 	}
+	if s.dot != nil {
+		s.upDoT = true
+	}
 	s.mu.Unlock()
 
 	if s.admin != nil {
@@ -149,6 +166,12 @@ func (s *Server) Run(ctx context.Context) error {
 			errCh <- s.doh.ListenAndServe()
 		}()
 	}
+	if s.dot != nil {
+		go func() {
+			s.logger.Info("dot listener active", "addr", s.dot.Addr)
+			errCh <- s.dot.ListenAndServe()
+		}()
+	}
 
 	select {
 	case <-ctx.Done():
@@ -180,6 +203,9 @@ func (s *Server) Close() error {
 	if s.tcp != nil {
 		s.tcp.Shutdown(context.Background())
 	}
+	if s.dot != nil {
+		s.dot.Shutdown(context.Background())
+	}
 	if s.doh != nil {
 		s.doh.Close()
 	}