DoH3 support

.github/workflows/test.yml

@@ -85,6 +85,7 @@ jobs:
             dns-over-rustls,
             dns-over-https-rustls,
             dns-over-quic,
+            dns-over-h3,
             dns-over-native-tls,
             dnssec-openssl,
             dnssec-ring,

Cargo.toml

@@ -71,6 +71,8 @@ ring = "0.16"
 # net proto
 quinn = { version = "0.10", default-features = false }
 h2 = "0.3.0"
+h3 = "0.0.2"
+h3-quinn = "0.0.3"
 http = "0.2"
 
 

bin/Cargo.toml

@@ -45,8 +45,8 @@ sqlite = ["trust-dns-server/sqlite"]
 # dns-over-https-openssl = ["dns-over-openssl", "trust-dns-client/dns-over-https-openssl", "dns-over-https"]
 dns-over-https-rustls = ["dns-over-https", "dns-over-rustls", "trust-dns-proto/dns-over-https-rustls", "trust-dns-client/dns-over-https-rustls", "trust-dns-server/dns-over-https-rustls"]
 dns-over-https = ["trust-dns-server/dns-over-https"]
-
 dns-over-quic = ["dns-over-rustls", "trust-dns-server/dns-over-quic"]
+dns-over-h3 = ["dns-over-rustls", "trust-dns-server/dns-over-h3"]
 
 # TODO: migrate all tls and tls-openssl features to dns-over-tls, et al
 dns-over-openssl = ["dns-over-tls", "dnssec-openssl", "trust-dns-proto/dns-over-openssl", "trust-dns-client/dns-over-openssl", "trust-dns-server/dns-over-openssl"]

bin/tests/named_https_tests.rs

@@ -20,7 +20,7 @@ use rustls::{Certificate, ClientConfig, OwnedTrustAnchor, RootCertStore};
 use tokio::net::TcpStream as TokioTcpStream;
 use tokio::runtime::Runtime;
 use trust_dns_client::client::*;
-use trust_dns_proto::https::HttpsClientStreamBuilder;
+use trust_dns_proto::h2::HttpsClientStreamBuilder;
 use trust_dns_proto::iocompat::AsyncIoTokioAsStd;
 
 use server_harness::{named_test_harness, query_a};

crates/client/src/https_client_connection.rs → crates/client/src/h2_client_connection.rs

@@ -12,7 +12,7 @@ use std::net::SocketAddr;
 use std::sync::Arc;
 
 use rustls::ClientConfig;
-use trust_dns_proto::https::{HttpsClientConnect, HttpsClientStream, HttpsClientStreamBuilder};
+use trust_dns_proto::h2::{HttpsClientConnect, HttpsClientStream, HttpsClientStreamBuilder};
 use trust_dns_proto::tcp::Connect;
 
 use crate::client::{ClientConnection, Signer};

crates/client/src/lib.rs

@@ -282,15 +282,15 @@ pub mod udp;
 
 // TODO: consider removing tcp/udp/https modules...
 #[cfg(feature = "dns-over-https")]
-mod https_client_connection;
+mod h2_client_connection;
 
 pub use trust_dns_proto as proto;
 
 /// The https module which contains all https related connection types
 #[cfg(feature = "dns-over-https")]
 #[cfg_attr(docsrs, doc(cfg(feature = "dns-over-https")))]
-pub mod https {
-    pub use super::https_client_connection::HttpsClientConnection;
+pub mod h2 {
+    pub use super::h2_client_connection::HttpsClientConnection;
 }
 
 /// Returns a version as specified in Cargo.toml

crates/proto/Cargo.toml

@@ -37,8 +37,8 @@ dns-over-openssl = ["dns-over-tls", "openssl", "tokio-openssl", "tokio-runtime"]
 
 dns-over-https-rustls = ["dns-over-https"]
 dns-over-https = ["bytes", "h2", "http", "dns-over-rustls", "tokio-runtime"]
-
 dns-over-quic = ["quinn", "rustls/quic", "dns-over-rustls", "bytes", "tokio-runtime"]
+dns-over-h3 = ["h3", "h3-quinn", "quinn", "http", "dns-over-quic"]
 
 native-certs = ["dep:rustls-native-certs"]
 
@@ -79,6 +79,8 @@ futures-channel = { workspace = true, default-features = false, features = ["std
 futures-io = { workspace = true, default-features = false, features = ["std"] }
 futures-util = { workspace = true, default-features = false, features = ["std"] }
 h2 = { workspace = true, features = ["stream"], optional = true }
+h3 = { workspace = true, optional = true }
+h3-quinn = { workspace = true, optional = true }
 http = { workspace = true, optional = true }
 idna.workspace = true
 ipnet.workspace = true

crates/proto/src/https/https_client_stream.rs → crates/proto/src/h2/h2_client_stream.rs

@@ -28,6 +28,7 @@ use tokio_rustls::{
 use tracing::{debug, warn};
 
 use crate::error::ProtoError;
+use crate::http::Version;
 use crate::iocompat::AsyncIoStdAsTokio;
 use crate::op::Message;
 use crate::tcp::{Connect, DnsTcpStream};
@@ -71,7 +72,8 @@ impl HttpsClientStream {
         };
 
         // build up the http request
-        let request = crate::https::request::new(&name_server_name, message.remaining());
+        let request =
+            crate::http::request::new(Version::Http2, &name_server_name, message.remaining());
 
         let request =
             request.map_err(|err| ProtoError::from(format!("bad http request: {err}")))?;
@@ -160,12 +162,12 @@ impl HttpsClientStream {
                             ProtoError::from(format!("ContentType header not a string: {err}"))
                         })
                     })
-                    .unwrap_or(Ok(crate::https::MIME_APPLICATION_DNS))?;
+                    .unwrap_or(Ok(crate::http::MIME_APPLICATION_DNS))?;
 
-                if content_type != crate::https::MIME_APPLICATION_DNS {
+                if content_type != crate::http::MIME_APPLICATION_DNS {
                     return Err(ProtoError::from(format!(
                         "ContentType unsupported (must be '{}'): '{}'",
-                        crate::https::MIME_APPLICATION_DNS,
+                        crate::http::MIME_APPLICATION_DNS,
                         content_type
                     )));
                 }

crates/proto/src/https/https_server.rs → crates/proto/src/h2/h2_server.rs

@@ -18,7 +18,8 @@ use http::header::CONTENT_LENGTH;
 use http::{Method, Request};
 use tracing::debug;
 
-use crate::https::HttpsError;
+use crate::h2::HttpsError;
+use crate::http::Version;
 
 /// Given an HTTP request, return a future that will result in the next sequence of bytes.
 ///
@@ -34,7 +35,7 @@ where
     debug!("Received request: {:#?}", request);
 
     let this_server_name = this_server_name.as_deref();
-    match crate::https::request::verify(this_server_name, &request) {
+    match crate::http::request::verify(Version::Http2, this_server_name, &request) {
         Ok(_) => (),
         Err(err) => return Err(err),
     }
@@ -97,7 +98,7 @@ mod tests {
     use std::pin::Pin;
     use std::task::{Context, Poll};
 
-    use crate::https::request;
+    use crate::http::request;
     use crate::op::Message;
 
     use super::*;
@@ -123,7 +124,7 @@ mod tests {
         let msg_bytes = message.to_vec().unwrap();
         let len = msg_bytes.len();
         let stream = TestBytesStream(vec![Ok(Bytes::from(msg_bytes))]);
-        let request = request::new("ns.example.com", len).unwrap();
+        let request = request::new(Version::Http2, "ns.example.com", len).unwrap();
         let request = request.map(|()| stream);
 
         let from_post = message_from(Some(Arc::from("ns.example.com")), request);

crates/proto/src/https/mod.rs → crates/proto/src/h2/mod.rs

@@ -7,17 +7,11 @@
 
 //! TLS protocol related components for DNS over HTTPS (DoH)
 
-const MIME_APPLICATION_DNS: &str = "application/dns-message";
-const DNS_QUERY_PATH: &str = "/dns-query";
+mod h2_client_stream;
+pub mod h2_server;
 
-mod error;
-mod https_client_stream;
-pub mod https_server;
-pub mod request;
-pub mod response;
+pub use crate::http::error::{Error as HttpsError, Result as HttpsResult};
 
-pub use self::error::{Error as HttpsError, Result as HttpsResult};
-
-pub use self::https_client_stream::{
+pub use self::h2_client_stream::{
     HttpsClientConnect, HttpsClientResponse, HttpsClientStream, HttpsClientStreamBuilder,
 };