[Doh] IETF hackathon client implementation report

Miek Gieben <miek@miek.nl> Sun, 18 March 2018 10:31 UTC

Date: Sun, 18 Mar 2018 10:31:41 +0000
From: Miek Gieben <miek@miek.nl>
To: DoH WG <doh@ietf.org>
Message-ID: <20180318103141.a5wacb75qzsgsjqp@miek.nl>
Mail-Followup-To: DoH WG <doh@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/vGdAaM3J5i2f0OrWy3iqe5L17_M>

FYI:

Goal: Implement DoH in miekg/dns (Go DNS library)
Try to mimic DNS-over-TLS, which was relatively painless to incorporate.

I attempted to make DNS over HTTPS a first class citizen, i.e. create a
DNS connection and have 1 configuration item set to "https" and then have DoH
"just work".

This approach worked for DNS-over-TLS (but side steps some advanced features).

This ran into a few snags which make this approach infeasible, meaning I
can't easily incorporate it without major rewrites of the library:

* http/2 (in Go) has its own socket pipelining so I can't give it a socket
  and make it run with it. This breaks an assumption in this library.

* The Go http client setup has a function called client.Do which sends
  a reply and waits for a response, ala Exchange() in this library. But
  this library uses "WriteMsg" and "ReadMsg" as two calls; which can't be
  implemented as such for DoH.

I ended up with some (trivial) helper functions that parse from and
to the http/2 request world, but nothing more tangible. See
https://github.com/miekg/dns/pull/647 .


/Miek

--
Miek Gieben
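The two helper shapes the report describes, a conversion from a wire-format DNS message to an HTTP request and back, and an Exchange() that has to be a single client.Do call rather than a WriteMsg/ReadMsg pair, as an added example in Go. This is not code from the pull request or from miekg/dns; it uses only the standard library. The DNS query is a constructed byte string, the DoH server is a constructed httptest stub on loopback that echoes the query with the QR bit set (plain HTTP/1.1, so the HTTP/2 connection handling the report mentions is left entirely to http.Client), and the "application/dns-message" media type, the "dns" GET parameter with unpadded base64url, and the 65535-byte DNS message maximum are assumed from the DoH draft rather than taken from the report.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

const dohContentType = "application/dns-message" // assumed DoH media type for wire-format DNS

// sampleQuery is a constructed wire-format query: ID 0, RD set, one question "example.com. IN A".
// ID 0 is deliberate: HTTP already correlates request and reply, and a constant ID keeps GET URLs cacheable.
var sampleQuery = []byte{
	0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
	0x00, 0x01, 0x00, 0x01,
}

// NewDoHRequest wraps a wire-format DNS message in an HTTP request: GET carries it
// base64url-encoded without padding in the "dns" parameter, POST carries it as the body.
func NewDoHRequest(server string, msg []byte, usePost bool) (*http.Request, error) {
	method, url, body := http.MethodGet, server+"?dns="+base64.RawURLEncoding.EncodeToString(msg), io.Reader(nil)
	if usePost {
		method, url, body = http.MethodPost, server, bytes.NewReader(msg)
	}
	req, err := http.NewRequest(method, url, body)
	if err != nil {
		return nil, err
	}
	if usePost {
		req.Header.Set("Content-Type", dohContentType)
	}
	req.Header.Set("Accept", dohContentType)
	return req, nil
}

// ResponseToMsg validates the HTTP layer before treating the body as DNS: a non-200 status or a
// wrong media type (think captive portal) is an error, not an answer, and the body must be a
// plausibly sized DNS response (QR=1) to the query we sent (same ID).
func ResponseToMsg(query []byte, resp *http.Response) ([]byte, error) {
	defer resp.Body.Close()
	if ct := resp.Header.Get("Content-Type"); resp.StatusCode != http.StatusOK || ct != dohContentType {
		return nil, fmt.Errorf("doh: HTTP %d with content type %q is not a DNS answer", resp.StatusCode, ct)
	}
	body, err := io.ReadAll(io.LimitReader(resp.Body, 65536)) // one byte over the DNS maximum
	if err != nil {
		return nil, err
	}
	if len(body) < 12 || len(body) > 65535 || body[2]&0x80 == 0 || !bytes.Equal(body[:2], query[:2]) {
		return nil, fmt.Errorf("doh: body (%d bytes) is not a DNS response to our query", len(body))
	}
	return body, nil
}

// Exchange is the one-shot send-and-wait that maps onto http.Client.Do; there is no
// separate WriteMsg/ReadMsg step, which is exactly the mismatch the report describes.
func Exchange(c *http.Client, server string, query []byte, usePost bool) ([]byte, error) {
	req, err := NewDoHRequest(server, query, usePost)
	if err != nil {
		return nil, err
	}
	resp, err := c.Do(req)
	if err != nil {
		return nil, err
	}
	return ResponseToMsg(query, resp)
}

// dohStubHandler is a constructed stand-in for a DoH server, not a resolver: it decodes the
// query from either transport and echoes it back with the QR bit set.
func dohStubHandler(w http.ResponseWriter, r *http.Request) {
	var q []byte
	var err error
	if r.Method == http.MethodPost && r.Header.Get("Content-Type") == dohContentType {
		q, err = io.ReadAll(io.LimitReader(r.Body, 65536))
	} else if r.Method == http.MethodGet {
		q, err = base64.RawURLEncoding.DecodeString(r.URL.Query().Get("dns"))
	}
	if err != nil || len(q) < 12 {
		http.Error(w, "bad DoH request", http.StatusBadRequest)
		return
	}
	reply := append([]byte(nil), q...)
	reply[2] |= 0x80 // QR=1 marks a response
	w.Header().Set("Content-Type", dohContentType)
	w.Write(reply)
}

func main() {
	srv := httptest.NewServer(http.HandlerFunc(dohStubHandler))
	defer srv.Close()
	for _, post := range []bool{false, true} {
		reply, err := Exchange(srv.Client(), srv.URL+"/dns-query", sampleQuery, post)
		fmt.Printf("post=%v reply=%d bytes err=%v\n", post, len(reply), err)
	}
}
```

Two checks here are the ones worth keeping in any real client: refusing to parse a body as DNS until the status code and media type say it is one (an interception page returns 200 with HTML, not a DNS message), and verifying QR and the message ID against the query before handing the reply up, since HTTP correlation alone says nothing about what the server put in the body.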