/coredns

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

make CoreDNS DoH Server #1619

Merged
merged 13 commits into from May 21, 2018

Conversation

Reviewers

@chantra chantra

@johnbelamaric johnbelamaric

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@miekg @codecov-io @chantra @johnbelamaric
@miekg
Member

miekg commented Mar 18, 2018

1. What does this pull request do?

Add experimental DoH support.

2. Which issues (if any) are related?

3. Which documentation changes (if any) need to be made?
@codecov-io

This comment has been minimized.

Sign in to view

codecov-io commented Mar 18, 2018
edited

Codecov Report

Merging #1619 into master will decrease coverage by 0.89%.
The diff coverage is 6.52%.

Impacted file tree graph

@@            Coverage Diff            @@
##           master    #1619     +/-   ##
=========================================
- Coverage   53.44%   52.55%   -0.9%     
=========================================
  Files         186      191      +5     
  Lines        9392     9590    +198     
=========================================
+ Hits         5020     5040     +20     
- Misses       3989     4164    +175     
- Partials      383      386      +3
Impacted Files Coverage Δ
plugin/normalize.go 76.27% <0%> (-2.68%) ⬇️
core/dnsserver/doh/responsewriter.go 0% <0%> (ø)
core/dnsserver/address.go 58.57% <0%> (-6.51%) ⬇️
core/dnsserver/register.go 23.42% <0%> (-1.11%) ⬇️
core/dnsserver/server_https.go 0% <0%> (ø)
core/dnsserver/doh/https.go 75% <75%> (ø)
core/dnsserver/server_grpc.go 8.1% <0%> (ø)
... and 2 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1822354...50d4655. Read the comment docs.
@miekg

This comment has been minimized.

Sign in to view
Member

miekg commented Mar 18, 2018

Also need a way to for http/2

and the forward and maybe proxy plugin should start speaking it.
@chantra

chantra reviewed Mar 18, 2018
View changes

Nice!

core/dnsserver/doh/https.go Outdated
// MimeType is the DoH mimetype that should be used.
const MimeType = "application/dns-udpwireformat"
// RequestToMsg extra the dns message from the request body.

This comment has been minimized.

Sign in to view
Copy link
@chantra

chantra Mar 18, 2018

typo: s/extra/extract/
core/dnsserver/doh/https.go Outdated
buf, err := ioutil.ReadAll(req.Body)
if err != nil {
return nil, nil

This comment has been minimized.

Sign in to view
Copy link
@chantra

chantra Mar 18, 2018

shouldn't this return the error?
core/dnsserver/server_https.go Outdated
}
w.Header().Set("Content-Type", doh.MimeType)
w.Header().Set("Cache-Control", "max-age=0")

This comment has been minimized.

Sign in to view
Copy link
@chantra

chantra Mar 18, 2018

maybe a FIXME to implement cache-control later?
core/dnsserver/doh/https.go Outdated
const MimeType = "application/dns-udpwireformat"
// RequestToMsg extra the dns message from the request body.
func RequestToMsg(req *http.Request) (*dns.Msg, error) {

This comment has been minimized.

Sign in to view
Copy link
@chantra

chantra Mar 18, 2018

note that this only handle POST.
For GET use case, the content-type should be taken from the query parameter ct and the dns payload will be base64safeurl encoded (with trailing = removed) in the dns query parameter. Maybe worth a FIXME/TODO comment.
@miekg

This comment has been minimized.

Sign in to view
Member

miekg commented Mar 18, 2018

@chantra thanks for reviewing. yes error handling needs to be done - the draft is also light on this. I'll fix things after -04 is released.

@miekg miekg referenced this pull request Apr 1, 2018

Closed

Add support for CloudFlare's new 1.1.1.1 DNS-over-HTTPS service #1650

@miekg miekg force-pushed the doh1 branch from 00ecfcb to f43a950 May 19, 2018

@miekg
correct context
Loading status checks…
55784d8

@miekg miekg changed the title from WIP: make CoreDNS DoH Server to make CoreDNS DoH Server May 19, 2018

@miekg

This comment has been minimized.

Sign in to view
Member

miekg commented May 19, 2018

@chantra PTAL, address all comments and implemented -08 of the draft.
@miekg

This comment has been minimized.

Sign in to view
Member

miekg commented May 19, 2018

/cc @johnbelamaric
@miekg
tweaks
Loading status checks…
2cb652e
@johnbelamaric

johnbelamaric requested changes May 21, 2018
View changes

minor issues, looks good

core/dnsserver/https.go Outdated
return nil, fmt.Errorf("no 'dns' query parameter found")
}
if len(b64) != 1 {
return nil, fmt.Errorf("multipe 'dns' query values found")

This comment has been minimized.

Sign in to view
Copy link
@johnbelamaric

johnbelamaric May 21, 2018

Member

nit: s/multipe/multiple/

This comment has been minimized.

Sign in to view
Copy link
@miekg

miekg May 21, 2018

Member

doine
core/dnsserver/server-https.go Outdated
buf, _ := dw.Msg.Pack()
w.Header().Set("Content-Type", mimeTypeDOH)
w.Header().Set("Cache-Control", "max-age=128") // Minttl as done in cache.

This comment has been minimized.

Sign in to view
Copy link
@johnbelamaric

johnbelamaric May 21, 2018

Member

No control over this?

This comment has been minimized.

Sign in to view
Copy link
@miekg

miekg May 21, 2018

Member

proper bug filed: #1823
The draft is still debating the exact requirements here, but it is clear what needs to be done. Left TODO with issue number.
@miekg
code review
Loading status checks…
8cf3abf
@johnbelamaric

johnbelamaric approved these changes May 21, 2018
View changes

@miekg miekg merged commit 18b92e1 into master May 21, 2018
2 of 4 checks passed

2 of 4 checks passed

coredns/ci Integration test failed 2/14 tests and 2/49 subtests.
Details
WIP work in progress – do not merge!
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details

@miekg miekg deleted the doh1 branch May 21, 2018

@chantra

This comment has been minimized.

Sign in to view

chantra commented May 23, 2018

Great stuff!

miekg added a commit that referenced this pull request May 23, 2018

@miekg
Revert pkg/nonwriter changes 
The DoH work (#1619) made changes to pkg/nonwriter.Writer that in
hindsight were not backwards compatible; it added override for the
LocalAddr() and RemoteAddr(). Instead of rolling back that PR, this PR
reverts those changes and creates a DoHWriter for use in the
https-server.go side of things.

This was only caught in the integration test making this hard to catch,
so we add a upstream_file_test.go that tries (doesn't work yet) to test
this in the unit tests as well. Esp. helpful when 'git bisecting'.

Fixes #1826
Loading status checks…
0d4ef7b

miekg added a commit that referenced this pull request May 23, 2018

@miekg
Revert pkg/nonwriter changes 
The DoH work (#1619) made changes to pkg/nonwriter.Writer that in
hindsight were not backwards compatible; it added override for the
LocalAddr() and RemoteAddr(). Instead of rolling back that PR, this PR
reverts those changes and creates a DoHWriter for use in the
https-server.go side of things.

This was only caught in the integration test making this hard to catch,
so we add a upstream_file_test.go that tries (doesn't work yet) to test
this in the unit tests as well. Esp. helpful when 'git bisecting'.

Fixes #1826
Loading status checks…
1bb635c

@miekg miekg referenced this pull request May 23, 2018

Merged

Revert pkg/nonwriter changes #1829

chrisohaver added a commit that referenced this pull request May 23, 2018

@miekg @chrisohaver
Revert pkg/nonwriter changes (#1829) 
The DoH work (#1619) made changes to pkg/nonwriter.Writer that in
hindsight were not backwards compatible; it added override for the
LocalAddr() and RemoteAddr(). Instead of rolling back that PR, this PR
reverts those changes and creates a DoHWriter for use in the
https-server.go side of things.

This was only caught in the integration test making this hard to catch,
so we add a upstream_file_test.go that tries (doesn't work yet) to test
this in the unit tests as well. Esp. helpful when 'git bisecting'.

Fixes #1826
Loading status checks…
0f74281

@jmhodges jmhodges referenced this pull request Sep 7, 2018

Open

net: support DNS-over-HTTPS #27552

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment