dnsdist: Add DNS over HTTPS support based on libh2o #7726

Merged
merged 23 commits into from Apr 23, 2019

Member

@rgacogne rgacogne commented Apr 15, 2019

Short description

This PR is a rebase of #6911 on top of the current master, with a few fixes.
It also has less code duplication because of the cleanup done in #7526.
The only remaining issue I'm aware of is that we always send the request received over DoH to the backend over UDP, advertising an EDNS Payload Size of 4096 (unless there was an existing EDNS OPT RR). It means that the current design can't handle responses larger than 4096 bytes over DoH, and leads to a weird situation if the backend answers with TC=1.

Still needs documentation, and quite a lot of regression tests. I'm not sure how to proceed for that last point since the version of Ubuntu used by our Travis tests is much too old to have the required libh2o library, and Python libraries with support for HTTP/2.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)
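
The forwarding behaviour described in the PR description above, sketched as an added example that is not code from this pull request or from dnsdist: the query gets an OPT RR advertising 4096 only when it has none, and a backend answer with TC=1 is detected from the header. All function names and constants are assumptions made for the illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Added illustration: every name here is hypothetical, none is taken from dnsdist.
using Packet = std::vector<uint8_t>;
constexpr int kMalformed = -2, kNoOPT = -1;
constexpr uint16_t kDefaultPayload = 4096;  // size the PR description says is advertised
static uint16_t rd16(const Packet& p, size_t off) { return static_cast<uint16_t>((p[off] << 8) | p[off + 1]); }

// Offset just past the name at `off` (plain labels or a compression pointer), 0 if malformed.
static size_t skipName(const Packet& p, size_t off) {
  while (off < p.size()) {
    const uint8_t len = p[off];
    if (len == 0) return off + 1;
    // A pointer (0xC0) ends the name; the 0x40 and 0x80 label types are rejected.
    if (len & 0xC0) return ((len & 0xC0) == 0xC0 && off + 2 <= p.size()) ? off + 2 : 0;
    off += 1u + len;
  }
  return 0;
}
// EDNS payload size taken from the OPT RR's CLASS field, or kNoOPT / kMalformed.
int ednsPayloadSize(const Packet& p) {
  if (p.size() < 12) return kMalformed;
  size_t off = 12;
  for (unsigned i = rd16(p, 4); i > 0; --i) {  // questions: name, type, class
    off = skipName(p, off);
    if (off == 0 || off + 4 > p.size()) return kMalformed;
    off += 4;
  }
  for (unsigned i = rd16(p, 6) + rd16(p, 8) + rd16(p, 10); i > 0; --i) {
    off = skipName(p, off);
    if (off == 0 || off + 10 > p.size()) return kMalformed;
    if (rd16(p, off) == 41) return rd16(p, off + 2);  // TYPE 41 is OPT
    off += 10u + rd16(p, off + 8);                    // fixed RR fields plus RDATA
    if (off > p.size()) return kMalformed;
  }
  return kNoOPT;
}
// Append an empty OPT RR advertising 4096 unless the query already carries one.
// Returns the payload size the backend will see, or kMalformed.
int prepareForUDPBackend(Packet& q) {
  const int size = ednsPayloadSize(q);
  if (size != kNoOPT) return size;  // keep the client's own OPT, or reject the packet
  const uint8_t opt[] = {0, 0, 41, kDefaultPayload >> 8, kDefaultPayload & 0xFF, 0, 0, 0, 0, 0, 0};
  q.insert(q.end(), opt, opt + sizeof(opt));
  const unsigned ar = rd16(q, 10) + 1u;  // ARCOUNT now includes the new OPT RR
  q[10] = static_cast<uint8_t>(ar >> 8); q[11] = static_cast<uint8_t>(ar & 0xFF);
  return kDefaultPayload;
}
// TC=1 in a backend answer: the UDP response did not fit in the advertised size.
bool isTruncated(const Packet& r) { return r.size() >= 12 && (r[2] & 0x02) != 0; }
```

A DoH frontend has no smaller transport to blame for truncation, which is why a TC=1 answer obtained this way is awkward to hand back to the client.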
Member Author

@rgacogne rgacogne commented Apr 17, 2019

Now with:

  • custom ciphersuites, including for TLS 1.3;
  • certificate reloading;
  • TCP Fast Open, reuseport, interface and CPU pinning;
  • more than one certificate (ECDSA and RSA, for example);
  • documentation.

Member Author

@rgacogne rgacogne commented Apr 17, 2019

I think this PR is done, it's still missing tests but I'm afraid we won't be able to run them on Travis anyway, so I'd be happy to merge this PR as soon as it has been reviewed.
In the meantime I'll write regression tests and disable them in Travis.

Member

@pieterlexis pieterlexis commented Apr 17, 2019

> Travis tests is much too old to have the required libh2o library

We can build it ourselves though (as we do for packages on OSs that have no libh2o-evloop)

> Python libraries with support for HTTP/2.

Perhaps we can take hyper for a spin

@pieterlexis pieterlexis reopened this Apr 17, 2019
Member

@Habbie Habbie commented Apr 17, 2019

> Travis tests is much too old to have the required libh2o library

How about testing on a fresher docker image in circleci?

Member

@Habbie Habbie commented Apr 18, 2019

> How about testing on a fresher docker image in circleci?

I've done (ugly, unfinished) circleci work based on this branch, in https://github.com/Habbie/pdns/tree/dnsdist-redoh-circleci (py2, with hacks, but all tests pass) - probably best to integrate that into the bigger matrix @pieterlexis is working on, when that has landed.

@rgacogne rgacogne merged commit 07f217c into PowerDNS:master Apr 23, 2019
2 checks passed
ci/circleci: build: Your tests passed on CircleCI!
continuous-integration/travis-ci/pr: The Travis CI build passed
@rgacogne rgacogne deleted the rgacogne:dnsdist-redoh branch Apr 23, 2019
Member

@chbruyand chbruyand commented Apr 23, 2019

\o/

@rgacogne rgacogne mentioned this pull request Apr 24, 2019