[Doh] DOH proxy

manu tman <chantr4@gmail.com> Wed, 15 November 2017 15:07 UTC

To: dns-privacy@ietf.org, doh@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/tkyxreuXsfHx24CUAEmLR5gz-iI>

Hi,

As mentioned during the DPRIVE BOF, during the IETF 100 hackathon I hacked a
proof-of-concept DNS-over-HTTPS proxy.

At the end of the hackathon, it was using HTTP1 and only had a test client.

I got a stub resolver working today as well as using HTTP2.

The code can be found at https://github.com/chantra/doh-proxy

The README has example usage. For the stub and client, there is a hidden
`--insecure` option that allows running the stub against a server with a
self-signed cert.

Keep in mind that this is only a POC, so don't expect all the goodness of
HTTP2, TFO, 0-RTT, pipelining, connection pool... to be leveraged.

Manu