DoH-capable DNS forwarder
This project requires using Python to build a simple DNS forwarder with domain blocking and DoH capabilities. The forwarder must: (1) receive an arbitrary DNS message from a client; (2) check whether the queried domain name should be blocked and, if so, respond with an NXDOMAIN message; (3) if the queried domain name is allowed, forward the DNS message to either a standard DNS resolver or a DoH-capable resolver; (4) wait for the resolver's response and forward it back to the client.
=== Details ===
Schema (the DNS forwarder is the component you build):
Client <==> DNS forwarder <==> DNS resolver <===> (DNS NSes)
Command line parameters:
$ ./dns_forwarder.py -h
usage: dns_forwarder.py [-h] [-d DST_IP] -f DENY_LIST_FILE
                        [-l LOG_FILE] [--doh] [--doh_server DOH_SERVER]

optional arguments:
  -h, --help               show this help message and exit
  -d DST_IP                Destination DNS server IP
  -f DENY_LIST_FILE        File containing domains to block
  -l LOG_FILE              Append-only log file
  --doh                    Use default upstream DoH server
  --doh_server DOH_SERVER  Use this upstream DoH server
Requirements:
If --doh or --doh_server is specified, the forwarder MUST forward the DNS query using the DoH protocol.
If neither --doh nor --doh_server is specified, the forwarder MUST forward the DNS query using the plain DNS protocol.
The DNS forwarder MUST receive DNS messages from the client via a simple UDP server socket.
When DoH is not used, the forwarder MUST use a simple UDP client socket to forward the client's query to the DNS resolver.
The DENY_LIST_FILE file MUST contain a (potentially empty) list of domain names that MUST be blocked by the forwarder; the file layout and matching rule are given under DENY LIST FORMAT below.
DoH REQUESTS
You are required to use GET requests as defined in RFC 8484. For instance, a DNS request for (qname='example.com', qtype='A') would look like:
https://dns.google/dns-query?dns=AAABAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE
Note: do not use the JSON API provided by some DNS operators.
You can find more information here:
https://developers.google.com/speed/public-dns/docs/secure-transports#doh
https://developers.cloudflare.com/1.1.1.1/encrypted-dns/dns-over-https/make-api-requests/dns-wireformat
https://datatracker.ietf.org/doc/html/rfc8484
DENY LIST FORMAT
The deny list provided in input will be a text file (not necessarily ending in .txt) containing one domain name per line. For instance:
www.example.com
cobweb.cs.uga.edu
yahoo.co.jp
Only fully qualified domain names should be blocked. For instance, in the above example only a query for exactly yahoo.co.jp must be blocked (e.g., www.yahoo.co.jp should not be blocked).
LOG FILE ENTRY FORMAT
The log file should be a text file containing a record of all domain names and query types that have been requested, and whether the request was blocked or allowed. For instance:
www.google.com A ALLOW
google.com NS ALLOW
www.yahoo.co.jp A DENY
yahoo.co.jp MX DENY
www.youtube.com A ALLOW
www.example.com A DENY
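The message-handling core of the forwarder described above, as an added example that is not the project's own code (the applicant writes that). It covers the pieces the spec pins down: parsing the question out of a wire-format DNS message, the exact-FQDN deny check from DENY LIST FORMAT, building the NXDOMAIN reply (RCODE 3, client's ID and question echoed back), the RFC 8484 GET URL with unpadded base64url in the `dns` parameter, and the `qname qtype ALLOW|DENY` log line. The UDP server loop and the HTTPS GET itself are left out so the block runs offline; the default upstream https://dns.google/dns-query is assumed from the page's example URL, and the deny-list text is the page's own three sample lines.

```python
import base64
import struct

# Assumed default upstream, taken from the page's example URL.
DEFAULT_DOH = "https://dns.google/dns-query"
RCODE_NXDOMAIN = 3
QTYPE_NAMES = {1: "A", 2: "NS", 15: "MX", 28: "AAAA"}

# Constructed sample deny list: the three lines shown under DENY LIST FORMAT.
DENY_LIST_TEXT = "www.example.com\ncobweb.cs.uga.edu\nyahoo.co.jp\n"


def encode_name(name):
    """Encode 'www.example.com' as length-prefixed labels ending in the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname, qtype, txid=0):
    """Minimal wire-format query: RD set, one question, class IN, no EDNS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def parse_question(msg):
    """Return (txid, qname, qtype, end); end is the offset just past the first question."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, _flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointers are not valid in a question name
            raise ValueError("compression pointer in question name")
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return txid, ".".join(labels), qtype, pos + 4


def load_deny_list(text):
    """One domain per line; blank lines ignored; names normalised to lowercase."""
    return {line.strip().lower().rstrip(".") for line in text.splitlines() if line.strip()}


def is_blocked(qname, deny):
    """Exact FQDN match only: yahoo.co.jp blocks yahoo.co.jp, not www.yahoo.co.jp."""
    return qname.lower().rstrip(".") in deny


def nxdomain_response(query):
    """Reply with QR=1, the client's RD bit, RA set, RCODE=3, and the question echoed back."""
    txid, flags = struct.unpack("!HH", query[:4])
    _, _, _, qend = parse_question(query)
    flags = 0x8000 | (flags & 0x0100) | 0x0080 | RCODE_NXDOMAIN
    # One question, no answer/authority/additional records (any OPT record is dropped).
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + query[12:qend]


def doh_get_url(query, server=DEFAULT_DOH):
    """RFC 8484 GET form: base64url of the wire message, padding removed, in ?dns=."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{server}?dns={b64}"


def log_line(qname, qtype, blocked):
    """One record in the LOG FILE ENTRY FORMAT: '<qname> <qtype> ALLOW|DENY'."""
    return f"{qname} {QTYPE_NAMES.get(qtype, str(qtype))} {'DENY' if blocked else 'ALLOW'}"


def handle_query(query, deny, doh_server=DEFAULT_DOH):
    """Decide one client message: (log line, NXDOMAIN reply or None, DoH URL or None)."""
    _, qname, qtype, _ = parse_question(query)
    if is_blocked(qname, deny):
        return log_line(qname, qtype, True), nxdomain_response(query), None
    return log_line(qname, qtype, False), None, doh_get_url(query, doh_server)


if __name__ == "__main__":
    deny = load_deny_list(DENY_LIST_TEXT)
    for name, qtype in [("www.google.com", 1), ("yahoo.co.jp", 15), ("www.yahoo.co.jp", 1)]:
        line, reply, url = handle_query(build_query(name, qtype, txid=0x1234), deny)
        print(line, "->", "NXDOMAIN reply" if reply else url)
```

In the real forwarder the UDP server loop calls `handle_query` for each datagram, sends the NXDOMAIN bytes straight back on a DENY, and on an ALLOW issues the GET (with `Accept: application/dns-message`) or the plain UDP forward and relays the raw response body to the client; `log_line` is what gets appended to LOG_FILE. Note that `is_blocked` implements the exact-match rule stated under DENY LIST FORMAT; the `www.yahoo.co.jp A DENY` record in the log example above would require a suffix match instead, which is a one-line change in that function.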