dnsdist: Ponder support for ODoH target mode #10652

Open
johnhtodd opened this issue Aug 18, 2021 · 4 comments

@johnhtodd

  • Program: dnsdist
  • Issue type: Feature request

Short description

Oblivious DOH is looking more like it will be implemented in various operating systems and browsers. The proxy is outside the scope of dnsdist, but target mode certainly seems like a reasonable thing to include in dnsdist's DOH stack if it is standardized.

Usecase

It would be useful for any dnsdist instance that is able to accept and process DOH requests to also be able to accept and process ODOH requests if a client (and thus proxy) is sending queries to that dnsdist instance.

Description

This feature request is for consideration of ODOH. Depending on complexity of implementation, more discussion may be required. The draft for ODOH is still incomplete as of this ticket's generation (2021/08/17) but the intervals between ideas existing and being implemented "at scale" unilaterally by large corporate organizations seem to be getting shorter and shorter these days, don't they?

See also: https://datatracker.ietf.org/doc/html/draft-pauly-dprive-oblivious-doh-06

@rgacogne
Member

I guess one of the first steps would be to find a good HPKE implementation that we could use, so either in C, C++, or with compatible bindings.

@appliedprivacy
Contributor

HPKE RFC 9180 has been recently published (Feb 2022).

This GitHub repo lists a few implementations:
https://github.com/cfrg/draft-irtf-cfrg-hpke#existing-hpke-implementations

We are happy to help with testing ODoH code in dnsdist in the future.

@rgacogne
Member

rgacogne commented Apr 4, 2022

Interesting, thanks! Several entries on that list seem nice but have no release, and some are not even self-contained.
It would be fun to try using zig-hpke from C++, as in theory it should work, and we have always been very happy with Frank's work :)

@appliedprivacy
Contributor

RFC9230 ODoH has been published: https://www.rfc-editor.org/info/rfc9230
