net: custom DNS-over-TLS Resolver doesn't work anymore #26573
I modified the example to log the (unencrypted) data passed over the TLS connections: https://play.golang.org/p/Lhb8bOP7pw6 Here's what the results look like:
This is for tip:
Bisected this to 672729e
That code is broken. It always returns a TCP connection even if a UDP one is requested. The TCP and UDP DNS protocols are different.
@iangudger from the second paragraph of the doc for net.Resolver.Dial I assumed that the UDP wire protocol is only used if Dial returned a net.PacketConn, which tls.Conn does not implement, so the RFC 7766 path is expected here.
What am I missing here?
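To make the Dial contract discussed above concrete, here is an added example (not code from this issue, the playground link or the Go net package) that chooses the wire framing by whether the conn Dial returned implements net.PacketConn, as the net.Resolver.Dial doc describes: a bare message for packet conns, the RFC 7766 two-octet length prefix for stream conns such as tls.Conn. sampleQuery and fakePacketConn are constructed stand-ins so it runs offline.

```go
package main

import (
	"encoding/binary"
	"errors"
	"io"
	"net"
)

// sampleQuery is a constructed DNS query: ID 0x1234, RD set, one question for example.com A IN.
var sampleQuery = []byte{0x12, 0x34, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0,
	7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0, 0, 1, 0, 1}

// frameDNSQuery follows the net.Resolver.Dial contract: a net.PacketConn carries the bare
// UDP message; any other net.Conn (TCP, or a DoT *tls.Conn) gets the RFC 7766 length prefix.
func frameDNSQuery(conn net.Conn, msg []byte) ([]byte, error) {
	if _, isPacket := conn.(net.PacketConn); isPacket {
		return msg, nil
	}
	if len(msg) > 0xffff { // uint16(len(msg)) would silently truncate
		return nil, errors.New("message exceeds the 16-bit stream length prefix")
	}
	framed := make([]byte, 2+len(msg))
	binary.BigEndian.PutUint16(framed, uint16(len(msg)))
	copy(framed[2:], msg)
	return framed, nil
}

// roundTripStream sends msg through an in-memory net.Pipe (a stream conn, not a
// PacketConn, just like *tls.Conn) and parses the length-prefixed frame back.
func roundTripStream(msg []byte) ([]byte, error) {
	client, server := net.Pipe()
	go func() {
		framed, _ := frameDNSQuery(client, msg)
		client.Write(framed)
		client.Close()
	}()
	var hdr [2]byte
	if _, err := io.ReadFull(server, hdr[:]); err != nil {
		return nil, err
	}
	got := make([]byte, binary.BigEndian.Uint16(hdr[:]))
	_, err := io.ReadFull(server, got)
	return got, err
}

// fakePacketConn is a constructed stand-in for *net.UDPConn so the example runs offline.
type fakePacketConn struct{ net.Conn }
func (fakePacketConn) ReadFrom([]byte) (int, net.Addr, error)   { return 0, nil, io.EOF }
func (fakePacketConn) WriteTo(b []byte, _ net.Addr) (int, error) { return len(b), nil }
```

A resolver that sends the bare UDP message over the tls.Conn is exactly the mismatch this issue reports: the server reads the first two bytes as a length and the query is garbage.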
Wow, that is dumb. I will throw together a patch to fix compatibility.
Assigning as release-blocking due to it being a regression.
Or by design.
Change https://golang.org/cl/125735 mentions this issue:
I think this is one of the design flaws of the net package API surface, unfortunately, from the beginning. It looks like representing various characteristics in a single interface, like net.Conn, is not good for people who don't care about the hidden hierarchy behind the interface. Surely, we need a good solution in Go 2, at least for the application-layer transport API, which is still increasing in complexity by adding fancy features: security (TLS 1.3, 1.4 or above), multipath (MPTCP, QUIC), new flow and congestion controls, and platform-dependent control knobs.
What version of Go are you using (go version)?
Does this issue reproduce with the latest release?
Yes, tested on
What operating system and processor architecture are you using (go env)?
What did you do?
https://play.golang.org/p/g1be5wdYdgy
This is an example of using Cloudflare's DNS-over-TLS. This code works in go1.10.3.
What did you expect to see?
What did you see instead?
Caught this issue first on a linux/arm binary built with go version go1.11beta2 darwin/amd64.