Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dnsdist: Add support for early DoH HTTP responses #8206

Merged
merged 4 commits into from Aug 30, 2019

Conversation

@rgacogne
Copy link
Member

commented Aug 16, 2019

Short description

The HTTPPathRule and HTTPPathRegexRule, and the Lua bindings to access the HTTP informations are only invoked for valid DNS over HTTP queries. This PR adds support for responding to HTTP queries before the DNS payload has been parsed, thus allowing to respond to all HTTP queries.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

@rgacogne rgacogne added this to the dnsdist-1.4.0 milestone Aug 16, 2019

@rgacogne rgacogne requested a review from chbruyand Aug 27, 2019

@chbruyand
Copy link
Member

left a comment

Code LGTM, I'm just wondering if matching shouldn't be also done on HTTP method ?
I'm also wondering if we may want to send the possibly set custom headers in the response ?

@rgacogne

This comment has been minimized.

Copy link
Member Author

commented Aug 27, 2019

I'm just wondering if matching shouldn't be also done on HTTP method ?

It might be a request at some point, yes, but for now I'm trying to keep it simple.

@rgacogne

This comment has been minimized.

Copy link
Member Author

commented Aug 27, 2019

I'm also wondering if we may want to send the possibly set custom headers in the response ?

I'd really like dnsdist not to become a full-fledged HTTP server :-)

@chbruyand

This comment has been minimized.

Copy link
Member

commented Aug 27, 2019

I'm also wondering if we may want to send the possibly set custom headers in the response ?

I'd really like dnsdist not to become a full-fledged HTTP server :-)

I know, this is just that you may expect to get the custom headers you set via customResponseHeaders in the response.

pdns/dnsdistdist/doh.cc Outdated Show resolved Hide resolved
@rgacogne

This comment has been minimized.

Copy link
Member Author

commented Aug 27, 2019

I know, this is just that you may expect to get the custom headers you set via customResponseHeaders in the response.

Oh, you are right! I'm not 100% sure it's a good idea to apply these to "early" responses, but I guess it might be something that users will expect..

@chbruyand

This comment has been minimized.

Copy link
Member

commented Aug 27, 2019

I know, this is just that you may expect to get the custom headers you set via customResponseHeaders in the response.

Oh, you are right! I'm not 100% sure it's a good idea to apply these to "early" responses, but I guess it might be something that users will expect..

Yes, really depends on your custom headers usage. But I think you would expect it in use cases like #7900

@rgacogne

This comment has been minimized.

Copy link
Member Author

commented Aug 27, 2019

I'm worried about the case where one does not want the customResponseHeaders applied here, so I guess we indeed need to accept an optional list of custom headers in newDOHResponseMapEntry(), where no list means to apply customResponseHeaders and any other value overrides it (so an empty list means no headers).

@rgacogne

This comment has been minimized.

Copy link
Member Author

commented Aug 28, 2019

Fixed the default application/dns-message content-type header added to early 200 responses. Added support for custom HTTP headers in early responses as well.

rgacogne added 4 commits Aug 14, 2019

@rgacogne rgacogne force-pushed the rgacogne:dnsdist-early-doh-rewrite branch from 5167a1c to 9b2ef60 Aug 29, 2019

@rgacogne

This comment has been minimized.

Copy link
Member Author

commented Aug 29, 2019

Rebased to fix a conflict.

@chbruyand chbruyand self-requested a review Aug 29, 2019

@rgacogne rgacogne merged commit 762a2b5 into PowerDNS:master Aug 30, 2019

26 of 27 checks passed

LGTM analysis: JavaScript No code changes detected
Details
LGTM analysis: C/C++ No new or fixed alerts
Details
LGTM analysis: Python No new or fixed alerts
Details
ci/circleci: build-auth Your tests passed on CircleCI!
Details
ci/circleci: build-auth-docs Your tests passed on CircleCI!
Details
ci/circleci: build-dnsdist Your tests passed on CircleCI!
Details
ci/circleci: build-dnsdist-docs Your tests passed on CircleCI!
Details
ci/circleci: build-recursor Your tests passed on CircleCI!
Details
ci/circleci: build-recursor-docs Your tests passed on CircleCI!
Details
ci/circleci: test-auth-algorithms Your tests passed on CircleCI!
Details
ci/circleci: test-auth-api Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-bind Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-gmysql Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-gpgsql Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-gsqlite3 Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-ldap Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-lmdb Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-mydns Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-odbc-mssql Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-odbc-sqlite3 Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-tinydns Your tests passed on CircleCI!
Details
ci/circleci: test-dnsdist-regression Your tests passed on CircleCI!
Details
ci/circleci: test-ixfrdist-regression Your tests passed on CircleCI!
Details
ci/circleci: test-recursor-api Your tests passed on CircleCI!
Details
ci/circleci: test-recursor-bulk Your tests passed on CircleCI!
Details
ci/circleci: test-recursor-regression Your tests passed on CircleCI!
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

@rgacogne rgacogne deleted the rgacogne:dnsdist-early-doh-rewrite branch Aug 30, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.