Re: [Doh] Running code
Massimiliano Fantuzzi <superfantuz@gmail.com> Wed, 07 March 2018 15:35 UTC
From: Massimiliano Fantuzzi <superfantuz@gmail.com>
Date: Wed, 07 Mar 2018 16:35:08 +0100
Message-ID: <CABwxwWg-DrAiYf5xZg1FbKgyGJPjJL9fzRRBKRP+=HeuG7=3AA@mail.gmail.com>
To: doh@ietf.org
Content-Type: multipart/alternative; boundary="089e08e589a5e67a8a0566d44dc6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/0DrjDsBuNGtSgulIKNQYB6Av2QA>
Subject: Re: [Doh] Running code
Hi to the Doh mailing list and group,

Bringing your attention to an interesting project (born around 2009). DNSP is written in C (local client server) and PHP (remote resolver): https://github.com/fantuz/DNSProxy

It WAS NOT built on "H2 compliancy" at the time, quite obviously. Now, thanks to more recent CURL libs, the H2 part has been added and is passing tests; by this weekend I can commit to have it completely DOH-aware. Some functions/plugins for DNSP are being staged and will be released soon. More features are to be supported with minimum effort. Redis cache for example is trivial, adding QUIC might not be. Please let me know your feedback!

The tree of the project might look ugly to you; I am not a software engineer, just a passionate technician (sysadmin/networking/webservers/db) with sufficient debug skills.

The initial credit goes to Andrea Fabrizi who created alpha DNSP back in 2009. Since 2010 I have been thinking of how to expand this idea further, and got lucky enough to test its functionality within a small satellite provider some time later (2013) [1]. Andrea has fully authorized me to take on his project as he would not have interest or time to carry on. Code changed quite a bit, but the core hasn't (the principle was good). I even created an Arduino version, as POC and for fun :)

As I could not find any draft on a DOH topic back then (DNSSEC was rolling out), I cannot even name that many experiments on embryonic-Doh ancestors, to my knowledge. The only 3 examples deserving credit for being innovative in vehiculating DNS over different channels are, to me, "dnspod" [2] and Pcap_DNSProxy [3] and, more recently, ChinaDNS [4]. There might be others, I let you complete.

Summarising:
- DNSP did its modest job against DNS censorship, blocking/locating/redirecting and leaks, offering a *mitigation* to TOR leaks and helping people bypass Chinese walls or anycast/proximity DNS... outside of Torsocks (I was on that for a short time).
- It also proved to be "practical" on highly delayed network paths with possibly high packet loss (airplanes use squid to cache traffic as much as possible).
- Since geolocation, anycast and CDNs stepped into the game, such a tool showed itself helpful as a valuable workaround in *some* situations (a user reported watching Netflix via DNSP, not sure if it still holds true, it is not my scope).

Hopefully just less than a month ago I discovered the D-o-H draft version 3 and this working group.... *Such a relief!! I have been waiting on DoH even prior to its "official" birth :)*

After I got to know about the upcoming London IETF Hackathon, I am implementing the DOH set of features including ease of use and ease of deployment (for the moment it is more a local DNS than a distributed one, not impossible to scale out, it is just threads and send_to). The phase of making it compliant with the DOH-proposed format(s) is almost completed (check the README or run the code).

In my simplistic roadmap I am still somehow willing to support Google DNS and keep supporting my ultrabasic standard (the q-type is contained in the GET/POST request; simplistic, but my initial purpose was to shorten answers by tailoring the response packet without ADDITIONAL and AUTHORITY sections) and vehiculating such via proxied HTTP (fast responses, TTL valid).

Probably there was no buzz about DNS over HTTP because such a transport/encapsulation direction was not foreseeable or desired a few years ago.... Surely there will be objections, in terms of traceability (law enforcement to mention one). The increased demand for "anonymity" and "security", along with the increasing size of DNS messaging and the advent of H2, made it convenient to *try* and serve the DNS by the same means we serve web pages, possibly along the same iteration (i.e. browser integration with APIs). I again have some doubts on the logging of such requests, but this is probably still an open point.

Then, just to complete the story: some time in 2016 I saw the Google HTTPS DNS service being published, but I was busy so I sincerely do not remember interacting with it a lot [5]. Unfortunately, I think it didn't raise a lot of interest, nor did it get fully advertised... Is it true? Am I totally wrong?

Happy to address you all; apologies for the long thread/simple language. Hope you will appreciate DNSP as a wannabe DOH local server. See you 17/18 March at the Hilton Metropole!

Thanks for your time,
Massimiliano (Max)

Footnotes:
[1]: Satellite connectivity made me need short responses, and HTTP is more friendly to billing; UDP was getting lost and users were unhappy.
[2]: Made in China out of a similar branch to mine (http://dnspod.github.io/dnspod-int-api-docs/ and https://github.com/DNSPod/dplus-c/blob/master/src/http.c, https://github.com/DNSPod/dplus-c)
[3]: A Chinese Windows proxy that was just inspirational at times and made me curious about the China internet situation, but this project had no HTTP involved. https://github.com/chengr28/Pcap_DNSProxy/blob/master/Documents/ReadMe.en.txt
[4]: https://github.com/shadowsocks/ChinaDNS
[5]: Just my 2c: let's compare for a second the SPDY evolution into H2, and look at DOH (or alternatives to it) as the next promising tech. IMHO, this Google DNS-HTTPS experimental product came a bit later than "expected". How many millions of users are on 8.8.8.8 standard DNS? Whole enterprises (not nice of them, that's why they *used to* get throttled)... The forwarder view offered by Google has been "accepted" by its users for a longer time than any other "free" DNS service, i.e. OpenDNS. We believe that Google made an astounding commercial choice in using all 8s digits. This is why I say that this DNS/HTTPS Google service was launched "late": just because big G earned an enormous share of the free DNS market and obviously is always in the position to help support DOH adoption/advertisement with such an easy mnemonic choice!! Free-of-charge Google services are attractive. I recall that the Google service is not DOH compliant, but I see a common intent. Does anyone have some numbers on the dns.google.com HTTPS service, in terms of active users (or system uptime/faults)? Just approximately? BTW, IBM owns 9.9.9.9 and HP 16.16.16.16.16; mnemonic choices do "avoid re-translating something we already know by heart" (it is a bit like "thinking in the same language your conversation happens to be in", considered a must in foreign language interpretation).

With kind regards,
Massimiliano Fantuzzi
--
*Massimiliano Fantuzzi*
*IT professional, expert in DB, Linux and networks.*
*+41 76 754 1037*
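The post above describes two mechanisms without showing them: DNSP's trick of shortening answers by returning the response packet without its AUTHORITY and ADDITIONAL sections, and the "DOH-proposed format" in which the wire-format query travels inside an HTTPS request. The script below is an added illustration written for this archive page; it is not DNSP's code and not from the DoH working group. It uses the GET form as standardised later in RFC 8484 (`dns=` carrying base64url of the wire-format message, no padding), which is an assumption about the draft the author refers to, and the function names (`strip_authority_and_additional`, `build_query`, `doh_get_url`, `decode_dns_param`) and the sample response are constructed here. One caveat worth keeping in mind when doing this kind of trimming: the ADDITIONAL section is where the OPT record lives (EDNS, including the DO bit) and the AUTHORITY section carries SOA/NSEC/NSEC3 records that DNSSEC validators need for negative answers, so a client behind such a proxy cannot validate and loses EDNS signalling.

```python
"""Trim a DNS wire-format response to header + question + answer, and wrap a
query in a DoH GET URL (RFC 8484 form). Pure standard library, no network I/O.
All function names and the sample message are constructed for this example."""
import base64
import struct


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past the domain name that starts at `off`.
    Handles label sequences and RFC 1035 compression pointers (0xC0 prefix)."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:     # 2-byte compression pointer ends the name
            return off + 2
        if length == 0:               # root label terminates the name
            return off + 1
        off += 1 + length


def _skip_question(msg: bytes, off: int) -> int:
    return _skip_name(msg, off) + 4   # QTYPE + QCLASS


def _skip_rr(msg: bytes, off: int) -> int:
    off = _skip_name(msg, off)
    rdlength = struct.unpack_from("!H", msg, off + 8)[0]   # after TYPE, CLASS, TTL
    return off + 10 + rdlength


def section_counts(msg: bytes) -> tuple:
    """(QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT) from the 12-byte header."""
    return struct.unpack_from("!HHHHHH", msg, 0)[2:]


def strip_authority_and_additional(msg: bytes) -> bytes:
    """Rebuild `msg` keeping header, question and answer sections only, with
    NSCOUNT and ARCOUNT zeroed. Compression pointers only refer backwards, so
    truncating after the answer section leaves every kept pointer valid.
    Note: this also drops the OPT (EDNS) record and any DNSSEC proof records."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than header")
    ident, flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = _skip_question(msg, off)
    for _ in range(an):
        off = _skip_rr(msg, off)
    return struct.pack("!HHHHHH", ident, flags, qd, an, 0, 0) + msg[12:off]


def encode_name(name: str) -> bytes:
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Minimal query: ID 0, RD=1, one question, class IN. RFC 8484 recommends a
    zero ID for the GET form so identical queries yield identical cacheable URLs."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def doh_get_url(base_url: str, query: bytes) -> str:
    """RFC 8484 GET form: base64url of the wire-format message, padding removed."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{base_url}?dns={b64}"


def decode_dns_param(url: str) -> bytes:
    """Inverse of doh_get_url: re-pad and decode the dns= parameter."""
    b64 = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))


def _sample_response() -> bytes:
    """Constructed sample: A answer for example.com (TEST-NET-1 address), an NS
    record in AUTHORITY and an OPT record in ADDITIONAL. 73 bytes in total."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 1, 1)
    question = encode_name("example.com") + struct.pack("!HH", 1, 1)      # ends at 29
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    ns_rdata = b"\x02ns" + b"\xc0\x0c"                                   # ns.example.com
    authority = b"\xc0\x0c" + struct.pack("!HHIH", 2, 1, 3600, len(ns_rdata)) + ns_rdata
    additional = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)          # OPT, payload 4096
    return header + question + answer + authority + additional


if __name__ == "__main__":
    full = _sample_response()
    short = strip_authority_and_additional(full)
    print(len(full), section_counts(full), "->", len(short), section_counts(short))
    print(doh_get_url("https://doh.example/dns-query", build_query("example.com")))
```

Running the script shows the 73-byte sample shrinking to 45 bytes with NSCOUNT and ARCOUNT at zero, and prints the GET URL a DoH client would fetch for an A query on example.com; the `decode_dns_param` round trip is what a server-side handler would do before passing the message to its resolver.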