Update INSTALL.md, and add README.md and FAQs.md

Author: miketeo

FAQs.md

@@ -0,0 +1,60 @@
+Frequently-Asked Questions
+==========================
+
+**Can I use other upstream DNS servers?**
+
+Yes, you can use other public DNS servers from other providers like Google, Cloudflare and Quad9. You can even use your own DNS services.
+
+**How do I prevent the IP address and DNS query information being output?**
+
+Edit ```log.conf``` and upgrade the rule in the [rules] from *INFO* to *NOTICE* like the following:
+```
+[rules]
+ds_.NOTICE >stdout; local
+```
+
+If you wish to customize the log format or to redirect the output to log files, please consult the documentation at [zlog](https://hardysimpson.github.io/zlog/UsersGuide-EN.html#htoc14) for more information.
+
+**Do I need to run DohService as superuser?**
+
+If you are not listening on port 443 (IANA designated port for HTTPS), you do not need and should not run DohService as superuser.
+
+I will recommend running DohService under another port number (higher than 1024 which will avoid the need for superuser privileges). You can specify the port number via the ```--port```. Example to listen on port 10443,
+```
+DohService --port=10443 --dns=208.67.222.222,208.67.220.220 <SSL-key-file> <SSL-cert-fullchain-file>
+```
+
+If you are running DohService as another user, please ensure that the user has read-write access to log.conf and the folder.
+
+**DohService fails to run with error: "unable to init log from log.conf"**
+
+Please ensure that the user has read-write access to log.conf and the folder. If this cannot be done, please add the ```rotate lock file``` parameter in log.conf
+```
+[global]
+rotate lock file = /tmp/dohservice.lock
+```
+
+**Why is libjemalloc.so bundled in DohService.zip?**
+
+[jemalloc](http://jemalloc.net/) is a malloc implementation that helps to avoid memory fragmentation that could happen for long running applications.
+
+I have chosen not to link to jemalloc directly in the DohService. Instead, if you are interested to use jemalloc, you can start inject it into the DohService at runtime like this:
+```
+$bash> LD_PRELOAD=/opt/dohservice/libjemalloc.so /opt/dohservice/DohService ...
+```
+
+**How do I run DohService as a daemon service?**
+
+DohService is not designed to run as a daemon service. However, you can run DohService under other process control systems like [supervisord](http://supervisord.org/) or runit.
+
+The following is the configuration for supervisord which runs the DohService under *www-data* user.
+```
+[program:dohservice]
+environment=LD_PRELOAD="/opt/dohservice/libjemalloc.so"
+command=/opt/dohservice/DohService --port=10443 --dns=208.67.222.222,208.67.220.220 /etc/letsencrypt/live/dns.example.com/privkey.pem /etc/letsencrypt/live/dns.example.com/fullchain.pem
+directory=/opt/dohservice
+user=www-data
+autorestart=true
+stdout_logfile=/var/log/supervisor/dohservice_stdout.log
+stderr_logfile=/var/log/supervisor/dohservice_stderr.log
+```

INSTALL.md

@@ -1,6 +1,8 @@
 Building
 ========
 
+DohService was developed on Ubuntu 16.04 LTS (x64). It should compile on other later Ubuntu releases.
+
 Install additional dependencies for development as superuser
 ```
 $> apt-get install libz-dev libbz2-dev automake autoconf bison flex make wget
@@ -16,12 +18,14 @@ Then go to deps-src and build the rest of the dependencies as developer user
 $> cd deps-src && make
 ```
 
+If you encounter issues, you may file a ticket on the project website at github,
+or check the [FAQs.md](FAQs.md) file.
+
 Getting SSL certificate
 =======================
 
-I use acme.sh from [acme.sh)(https://github.com/Neilpang/acme.sh) to prepare the SSL certificate
-on my local development node. You can also use [https://certbot.eff.org/](certbot) for your public
-DOH service.
+I use [acme.sh](https://github.com/Neilpang/acme.sh) to prepare the SSL certificate
+on my local development node. You can also use [https://certbot.eff.org/](certbot) to get a free SSL certificate for your public DOH service.
 
 Running
 =======
@@ -33,6 +37,8 @@ and your full-chain cert file (containing both the CA and SSL certificates).
 $> ./DohService --port=10443 --dns=8.8.8.8,8.8.4.4 <keyfile> <certfile>
 ```
 
+On FireFox and other DOH-supported web browsers, you can then use this URL **https://[hostname]:10443/dns-query** to resolve the hostnames in the URLs against the DohService.
+
 Testing
 =======
 

README.md

@@ -0,0 +1,27 @@
+About DohService
+================
+
+DohService receives incoming DNS query requests from supported web browsers using DNS-over-HTTPS (DOH) protocol, and then resolves the hostnames in these requests using other upstream DNS services on port 53.
+
+When Mozilla announced rollout of DOH, critics criticized its decision as DOH can break DNS-based content filters that had been put in place to deny access to explicit, obscene or otherwise objectionable web sites.
+
+Personally, I like the idea of a secure DNS service as I often access the web on my laptop using public Wifi services where there are risks of DNS poisoning and data privacy issues.
+
+With DohService, I can now setup my personal DOH service on a publicly-accessible Internet server. When I configure DohService to use [OpenDNS](https://www.opendns.com/) as the upstream DNS servers, I can also register the DohService's IP address and have a more customized web site filtering experience through OpenDNS filtering options.
+
+With this setup, I have a more personalized DNS filtering capability (through OpenDNS) along with the privacy protection offered by DOH.
+
+Building
+========
+
+To build the DohService, please refer to the [INSTALL.md](INSTALL.md) file.
+
+Questions and Issues
+====================
+
+Please check out the [FAQs.md](FAQs,md) or file a ticket on the issues section at the project web site on github.
+
+License
+=======
+
+DohService is licensed under zlib license. Please check the [LICENSE.md](LICENSE.md) file for more details.