Is coredns support dns over https? Could I use DoH in coredns?

[ghost]

Such as forward plugin, I cannot use DoH in it. Which plugin supports DoH?

[chrisohaver]

Which plugin supports DoH?

CoreDNS can serve DoH queries (https://github.com/coredns/coredns#examples). Plugins don't care over which protocol a query was received. Thus, all plugins can process a query received over DoH. As such, Forward also can process a query received over DoH. When processing a request, the forward plugin always sends the query upstream over the protocol configured for that upstream server, regardless of the protocol over which the original request was received.

[miekg]

[ Quoting <notifications@github.com> in "Re: [coredns/coredns] Is coredns su..." ]

Which plugin supports DoH? CoreDNS can serve DoH queries (https://github.com/coredns/coredns#examples). Plugins don't care over which protocol a query was received. Thus, all plugins can process a query received over DoH. As such, Forward also can process a query received over DoH. When processing a request, the forward plugin always sends the query upstream over the protocol configured for that upstream server, regardless of the protocol over which the original request was received.

/close /label question

[ghost]

I'm sorry. I did not express my thoughts clearly.I want to use an upstream dns like https://dns.google in forward plugin after the word "forward . ". But I don't know how to configure it.
@miekg @chrisohaver

[chrisohaver]

It's not supported. The forward plugin can forward via DNS or TLS (DoT). Not https (DoH).

[ghost]

@chrisohaver Thank you very much

[v-byte-cpu]

@chrisohaver I wonder why coredns team ignores requests from community to support DoH in forward plugin or create new one.

#3915
#3413
#3788
#1650

If you are interested I can work on it in spare time.

[miekg]

Hi v-byte-cpu, maybe it's because we all volunteers here?

[v-byte-cpu]

Hi @miekg, good, I will read CoreDNS contributing guidelines and start working on it.

[miekg]

[ Quoting <notifications@github.com> in "Re: [coredns/coredns] Is coredns su..." ]

Hi @miekg, good, I will read CoreDNS contributing guidelines and start working on it.

excellent! I think code duplication between grpc/forward and this new one is not a concern right now. I thought we had settled on 'https' as the name for it.

[v-byte-cpu]

@miekg sorry for the delay, I'm almost done with the plugin and will send the PR soon

[m-yosefpor]

@v-byte-cpu I followed this thread and it's embarrassing to see such behaviors in any open source project (and specially in a CNCF project) I'm sorry for that.

Right now, I was able to extract the plugin code from your code. However, I think it would be very helpful if you provide your plugin in a separate repo so we would be able to use it as an out-of-tree plugin with our self compiled coredns.

[v-byte-cpu]

👋 @m-yosefpor ok, I will extract the plugin code into a separate repo

[v-byte-cpu]

@m-yosefpor I extracted the plugin code
https://github.com/v-byte-cpu/coredns-https