firefox + doh-proxy

[bol-van]

looks like doh-proxy ceases to serve requests from mozilla after 5-10 minutes of usage
When firefox configured for TRR-only mode nothing can be resolved anymore until doh-proxy is restarted.
When firefox configure for TRR=2 mode, it silently stop using TRR resolver

[chantra]

Hi @bol-van

Would you have any logs that jobs some exceptions? When that happen, can you use doh-client to test if the server is still functional?
What version of doh-proxy are you using?

[bol-van]

• firefox works fine with https://github.com/jedisct1/rust-doh indefinitely long
• with this proxy firefox stop resolving in 5..10 minutes
• when problem occurs connection to doh-proxy is still established but looks like its unable to serve any more queries
• doh-client works. i guess its because it creates new connection. old connection is hang, new connections work
• even with --debug paremeter doh-proxy does not output anything useful
• version 0.0.9

[chantra]

Thanks @bol-van

I suppose you are using doh-proxy directly, without nginx or anything in front?
I would recommend you front it with nginx, I did not find any great HTTP2 library for python back in the days. There is something that does work for a PoC (which this project is), but not really great (albeit this may have changed).

[bol-van]

Yes, i was using it directly.
I guess http2 is not mandatory.
My current config is lighttpd+rust-doh
lighttpd terminates tls, then proxy to rust-doh
lighttpd does not support http2 at all

[chantra]

Firefox will try HTTP2 for sure, but yeah, the HTTP2.0 server that comes with doh-proxy is definitely not production grade :D.
Put it behind your favorite web server, spin multiple services and proxy the traffic to them :)

Thanks for reporting, but given the current state of HTTP2 libraries in python, it is not worth it to fix. I think having doh-proxy behind a proxy makes more sense, you can also run the service totally unprivileged this way.