[Doh] Experimental implementation of DoH (draft -07) in dnss
Alberto Bertogli <albertito@blitiri.com.ar> Tue, 17 April 2018 23:14 UTC
Date: Wed, 18 Apr 2018 00:14:11 +0100
From: Alberto Bertogli <albertito@blitiri.com.ar>
To: doh@ietf.org
Message-ID: <20180417231411.jcjfhqpgvqdkbupj@blitiri.com.ar>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/Fh9hRD23Scb9eYdWeXpviY4HADc>
Subject: [Doh] Experimental implementation of DoH (draft -07) in dnss
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
Hi!

I hope this is ok to post on this list.

I've added experimental DoH support to a DNS proxy that I wrote some time ago (which also does DNS over the HTTPS+JSON defined by dns.google.com). It supports both server (DNS in, HTTPS out) and client (HTTPS in, DNS out) modes.

You can find it here: https://blitiri.com.ar/git/r/dnss/

DoH support is still experimental, so some of the documentation has not been fully updated yet. I expect to adjust it as new drafts appear.

Cache-related headers are on the TODO list (but it is fully functional without them anyway).

Overall I found the draft very clear, and it was quite straightforward to implement (I hope I did not overlook anything major :)

Thanks a lot!
Alberto

PS: In case you're curious, here are the two key changes:

Client mode (DNS in, DoH out) patch:
https://blitiri.com.ar/git/r/dnss/c/5cc895a891bade8fba30d611720f65652a1f6909/

Server mode (DoH in, DNS out) patch:
https://blitiri.com.ar/git/r/dnss/c/9c203de38b9e12f4dd94db10f7df8284a9091d83/

Also once Cloudflare supports the -07's new content type the daemon should be able to talk with it just fine (it was working ok with -05).
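The two directions the message describes (DoH in, DNS out on the server side; DNS in, DoH out on the client side) come down to the same small amount of HTTP framing around a wire-format DNS message. The Go program below is an added example written for this archive page; it is not dnss's code and not part of Alberto's message. It assumes the draft -07 media type `application/dns-message` (the "new content type" the message refers to), implements only the POST form of the exchange (the GET form with a `?dns=` parameter and the cache-related headers are left out, as the message says they are in dnss at this point), and replaces the upstream DNS resolver with a constructed in-memory table. The function names `buildQuery`, `parseQuestion`, `buildAnswer`, `dohHandler` and `resolveOverDoH` are this example's own. The server side rejects the wrong method (405), the wrong media type (415) and a body that is oversized or not a single-question DNS message (400) before doing anything with the query; the client side checks status, media type, the QR bit, the transaction ID and the RCODE of the reply rather than trusting whatever came back over HTTPS.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"io"
	"mime"
	"net"
	"net/http"
	"strings"
)

// DoHContentType is the media type draft -07 introduced for wire-format DNS messages; no DNS message exceeds 65535 bytes.
const DoHContentType, maxDNSMessage = "application/dns-message", 65535

// table is a constructed in-memory zone standing in for the upstream DNS server a real proxy would forward to.
var table = map[string]net.IP{"example.test.": net.IPv4(192, 0, 2, 1)}

// buildQuery encodes a minimal wire-format query (RD set) for an A record; labels are assumed to be 1..63 bytes.
func buildQuery(id uint16, name string) []byte {
	b := []byte{byte(id >> 8), byte(id), 1, 0, 0, 1, 0, 0, 0, 0, 0, 0} // ID, flags=RD, QDCOUNT=1
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		b = append(append(b, byte(len(label))), label...)
	}
	return append(b, 0, 0, 1, 0, 1) // root label, QTYPE A, QCLASS IN
}

// parseQuestion validates the header and single question of a message and returns ID, name and question end offset.
func parseQuestion(msg []byte) (id uint16, name string, qend int, err error) {
	if len(msg) < 12 || binary.BigEndian.Uint16(msg[4:6]) != 1 {
		return 0, "", 0, errors.New("need a 12-byte header and exactly one question")
	}
	labels, off := []string(nil), 12
	for off < len(msg) && msg[off] != 0 {
		l := int(msg[off])
		if l&0xC0 != 0 || off+1+l > len(msg) { // no compression pointers in a question
			return 0, "", 0, errors.New("bad label")
		}
		labels, off = append(labels, string(msg[off+1:off+1+l])), off+1+l
	}
	if off+5 > len(msg) { // root byte plus QTYPE and QCLASS must fit
		return 0, "", 0, errors.New("truncated question")
	}
	return binary.BigEndian.Uint16(msg[0:2]), strings.Join(labels, ".") + ".", off + 5, nil
}

// buildAnswer copies the query header and question, then appends one A record
// (owner name compressed to a pointer at offset 12) or sets RCODE NXDOMAIN.
func buildAnswer(question []byte, ip net.IP) []byte {
	resp, flags, ancount := append([]byte(nil), question...), uint16(0x8180), uint16(0) // QR, RD, RA
	if ip4 := ip.To4(); ip4 != nil {
		resp = append(resp, 0xC0, 0x0C, 0, 1, 0, 1, 0, 0, 0, 60, 0, 4) // ptr, A, IN, TTL 60, RDLENGTH 4
		resp, ancount = append(resp, ip4...), 1
	} else {
		flags |= 3 // NXDOMAIN
	}
	binary.BigEndian.PutUint16(resp[2:4], flags)
	binary.BigEndian.PutUint16(resp[6:8], ancount)
	copy(resp[8:12], []byte{0, 0, 0, 0}) // NSCOUNT, ARCOUNT
	return resp
}

// dohHandler is the DoH-in/DNS-out direction: a POST carrying a wire-format query is answered in the same format.
func dohHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		http.Error(w, "only POST is supported", http.StatusMethodNotAllowed)
		return
	}
	if mt, _, err := mime.ParseMediaType(r.Header.Get("Content-Type")); err != nil || mt != DoHContentType {
		http.Error(w, "unsupported media type", http.StatusUnsupportedMediaType)
		return
	}
	query, err := io.ReadAll(io.LimitReader(r.Body, maxDNSMessage+1))
	_, name, qend, qerr := parseQuestion(query)
	if err != nil || len(query) > maxDNSMessage || qerr != nil {
		http.Error(w, "malformed DNS message", http.StatusBadRequest)
		return
	}
	w.Header().Set("Content-Type", DoHContentType)
	w.Write(buildAnswer(query[:qend], table[name]))
}

// resolveOverDoH is the DNS-in/DoH-out direction: POST a query, return the reply after checking status, media type, QR, ID and RCODE.
func resolveOverDoH(client *http.Client, url, name string) ([]byte, error) {
	resp, err := client.Post(url, DoHContentType, bytes.NewReader(buildQuery(0x1234, name)))
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, maxDNSMessage+1))
	mt, _, _ := mime.ParseMediaType(resp.Header.Get("Content-Type"))
	if err != nil || resp.StatusCode != http.StatusOK || mt != DoHContentType {
		return nil, errors.New("reply is not a 200 carrying a DNS message")
	}
	if len(body) < 12 || binary.BigEndian.Uint16(body[0:2]) != 0x1234 || body[2]&0x80 == 0 || body[3]&0x0F != 0 {
		return nil, errors.New("reply does not echo our ID, is not a response, or has a non-zero RCODE")
	}
	return body, nil
}
```

To serve it, register `dohHandler` on a path such as `/dns-query` and run the listener with TLS (the draft requires HTTPS); to use the client side, call `resolveOverDoH(http.DefaultClient, "https://<resolver>/dns-query", "example.test.")` and hand the returned bytes to whatever expects a wire-format DNS response. A fixed transaction ID is used here only so the ID check is easy to follow; a real client picks a fresh one per query.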