Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DoH serverTokens: duplicate server header and ignored setting #7894

Closed
appliedprivacy opened this issue Jun 7, 2019 · 1 comment · Fixed by #7911
Closed

DoH serverTokens: duplicate server header and ignored setting #7894

appliedprivacy opened this issue Jun 7, 2019 · 1 comment · Fixed by #7911
Assignees
@rgacogne
Labels
defect dnsdist
Milestone
dnsdist-1.4.0

Comments

@appliedprivacy
Copy link
Contributor

appliedprivacy commented Jun 7, 2019
edited
Loading

  • Program: dnsdist
  • Issue type: Bug report

Short description

There are actually 3 issues but since they are closely related we'll document them in one go:

a) ignored serverTokens value

Setting the serverTokens option via
addDOHLocal( ..., "/query", { serverTokens='abc'})

has no effect on the HTTP server header field for HTTP requests not going to /query.

b) duplicate HTTP server header

Setting the serverTokens option via
addDOHLocal( ..., "/query", { serverTokens='abc'})

causes the server to send multiple HTTP server headers:

HTTP/2.0 200 OK
server: h2o/2.2.5
date: Fri, 07 Jun 2019 18:17:52 GMT
server: abc
content-type: application/dns-message
content-length: 80
X-Firefox-Spdy: h2

when the client issued a valid DoH request.

c) documentation issue

The documentation says the default value for serverTokens is h2o/dnsdist
but it is actually h2o/<h2oversion> currently that is h2o/2.2.5

Environment

  • Operating system: Debian Buster
  • Software version: 1.4.0~beta1-1pdns.buster
  • Software source: PowerDNS repository

Steps to reproduce

a)
curl -si https://doh.appliedprivacy.net

b)
curl -si "https://doh.appliedprivacy.net/query?dns=l1sBAAABAAAAAAAAA3d3dw1rbm90LXJlc29sdmVyAmN6AAAcAAE"

c)
https://dnsdist.org/reference/config.html#addDOHLocal

Expected behaviour

  • dnsdist should set the HTTP server header to h2o/dnsdist by default (as per documentation)
  • dnsdist should set the HTTP server header to the value provided in the serverTokens option (no matter which URL the client requested)
  • dnsdist should not send multiple HTTP server header

Actual behaviour

  • dnsdist ignores the serverTokens option complete when answering HTTP requests that are not valid DoH requests
  • dnsdist sends multiple HTTP server header when the request is a valid DoH request and the configuration contains the serverTokens option
@appliedprivacy appliedprivacy changed the title DoH: bugs in handling of serverTokens: duplicate server header and ignored setting DoH serverTokens: duplicate server header and ignored setting Jun 7, 2019
@rgacogne rgacogne added this to the dnsdist-1.4.0 milestone Jun 7, 2019
@rgacogne
Copy link
Member

rgacogne commented Jun 7, 2019

Thank you for reporting this!
The a/ issue is clearly an oversight on my part, I guess we could make sure that we route all queries by registering "/".
The b/ and c/ issues depend on the version of libh2o, as it seems that some versions allow overriding the "Server" header and some don't. I'll investigate.

@appliedprivacy appliedprivacy mentioned this issue Jun 10, 2019
Closed
@rgacogne rgacogne self-assigned this Jun 11, 2019
@rgacogne rgacogne mentioned this issue Jun 12, 2019
Merged
7 tasks
@melissavoegeli melissavoegeli mentioned this issue Jun 17, 2019
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rgacogne rgacogne

Labels
defect dnsdist
Projects
None yet
Milestone
dnsdist-1.4.0
Development

Successfully merging a pull request may close this issue.

dnsdist: Properly override the HTTP Server header for DoH rgacogne/pdns
2 participants
@rgacogne @appliedprivacy