Support DNS over HTTPS #53
Description
- Version: v0.36.4
- Platform: Node and Browser
- Subsystem: DNS
Type: Feature
Severity: Low
Problem
When running in Node, js-ipfs uses the system resolver (/etc/resolv.conf).
When run in a web browser context, we don't have access to UDP sockets, so since ipfs/js-ipfs#1172 js-ipfs running on webpages delegates DNS queries to https://ipfs.io/api/v0/dns?arg=${domain}.
Solution
- Make it possible for the user to set arbitrary DNS resolvers (plural), e.g.:
  jsipfs config DNS.HttpsResolvers ["https://mozilla.cloudflare-dns.com/dns-query"]
- The initial implementation should pick one at random; future ones can be smarter and temporarily blacklist resolvers that are known to be down
- Default behavior
- Node: we may still use the system resolver in Node, but should always switch to DoH if the user provided one in config
- Browser: to remove the dependency on our gateway, js-ipfs should use a well-known public DNS over HTTPS (DoH) resolver in the browser by default, and stop hitting https://ipfs.io/api/v0/dns, which is a single point of failure
RFC8484: Notes on binary format and
@hugomrdias's recent work on IPNS over DNS confirmed that we are able to use binary DNS over HTTPS in a web browser context, which makes it possible to use any DNS over HTTPS (DoH) server compatible with RFC8484.
I repeat: we should not need to use the proprietary JSON format supported by Google and Cloudflare, but can rely on a native DNS query sent as an HTTP GET encoded in Base64, as specified in the example in RFC8484. This gives users a better choice of DNS servers with DoH support: any server will do, as long as it implements RFC8484.
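To make the two proposals above concrete (picking one resolver at random from a configured list, and sending a native wire-format DNS query as an RFC 8484 GET instead of the JSON API), here is an added example. It is not js-ipfs code and not the author's implementation; the resolver list, the `_dnslink.example.com` name, the placeholder TXT value and the `buildSampleResponse` helper are constructed for the example so that it runs offline without contacting any resolver. Per RFC 8484 section 4.1 the `dns` query parameter carries the DNS message in base64url without padding, and the message ID is set to 0 so identical queries produce identical, cacheable URLs.

```javascript
// Added example, not part of js-ipfs. Builds an RFC 8484 DoH GET request for a
// TXT lookup in DNS wire format and parses a wire-format DoH response (Node.js).

// Assumed default list; in the proposal this comes from DNS.HttpsResolvers config.
const DEFAULT_RESOLVERS = ['https://mozilla.cloudflare-dns.com/dns-query'];
const TYPE_TXT = 16;
const CLASS_IN = 1;

// Initial strategy from the issue: pick one configured resolver at random.
// Rejects non-https resolvers, since plaintext HTTP would defeat DoH entirely.
function pickResolver(resolvers = DEFAULT_RESOLVERS, rand = Math.random) {
  if (!Array.isArray(resolvers) || resolvers.length === 0) throw new Error('no DoH resolvers configured');
  for (const r of resolvers) if (!r.startsWith('https://')) throw new Error(`resolver must use https: ${r}`);
  return resolvers[Math.floor(rand() * resolvers.length)];
}

// Domain name in wire format: length-prefixed labels terminated by a zero byte.
function encodeName(name) {
  const parts = [];
  for (const label of name.replace(/\.$/, '').split('.')) {
    const bytes = Buffer.from(label, 'ascii');
    if (bytes.length === 0 || bytes.length > 63) throw new Error(`bad label in ${name}`);
    parts.push(Buffer.from([bytes.length]), bytes);
  }
  parts.push(Buffer.from([0]));
  return Buffer.concat(parts);
}

// Minimal DNS query: 12-byte header + one question (ID 0, RD set, QDCOUNT 1).
function buildQuery(name, qtype = TYPE_TXT) {
  const header = Buffer.alloc(12);
  header.writeUInt16BE(0x0100, 2); // flags: recursion desired
  header.writeUInt16BE(1, 4);      // QDCOUNT
  const qtail = Buffer.alloc(4);
  qtail.writeUInt16BE(qtype, 0);
  qtail.writeUInt16BE(CLASS_IN, 2);
  return Buffer.concat([header, encodeName(name), qtail]);
}

// base64url without padding, as RFC 8484 requires for the "dns" parameter.
function base64url(buf) {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// The GET request a client would send; the caller adds header Accept: application/dns-message.
function dohGetUrl(resolver, name, qtype = TYPE_TXT) {
  const sep = resolver.includes('?') ? '&' : '?';
  return `${resolver}${sep}dns=${base64url(buildQuery(name, qtype))}`;
}

// Read a (possibly compressed) name; returns the name and the offset after it.
function readName(buf, offset) {
  const labels = [];
  let pos = offset, end = -1, hops = 0;
  for (;;) {
    const len = buf[pos];
    if (len === 0) { pos += 1; break; }
    if ((len & 0xc0) === 0xc0) {           // compression pointer
      if (++hops > 16) throw new Error('compression pointer loop');
      if (end < 0) end = pos + 2;
      pos = ((len & 0x3f) << 8) | buf[pos + 1];
      continue;
    }
    labels.push(buf.toString('ascii', pos + 1, pos + 1 + len));
    pos += 1 + len;
  }
  return { name: labels.join('.'), next: end < 0 ? pos : end };
}

// Extract TXT strings from a wire-format response; throws on a non-zero RCODE.
function parseTxtAnswers(msg) {
  const rcode = msg.readUInt16BE(2) & 0x0f;
  if (rcode !== 0) throw new Error(`DNS error, rcode=${rcode}`);
  let pos = 12;
  for (let i = 0; i < msg.readUInt16BE(4); i++) pos = readName(msg, pos).next + 4; // skip questions
  const txts = [];
  for (let i = 0; i < msg.readUInt16BE(6); i++) {
    const { next } = readName(msg, pos);
    const type = msg.readUInt16BE(next);
    const rdlen = msg.readUInt16BE(next + 8);
    const rdata = msg.subarray(next + 10, next + 10 + rdlen);
    if (type === TYPE_TXT) {               // RDATA = one or more <len><chars> strings
      let p = 0, s = '';
      while (p < rdata.length) { const l = rdata[p]; s += rdata.toString('utf8', p + 1, p + 1 + l); p += 1 + l; }
      txts.push(s);
    }
    pos = next + 10 + rdlen;
  }
  return txts;
}

// Constructed sample response (stands in for what a resolver would return):
// echoes the question and adds one TXT answer whose name is a pointer to offset 12.
function buildSampleResponse(name, txt) {
  const q = buildQuery(name);
  const header = Buffer.from(q.subarray(0, 12));
  header.writeUInt16BE(0x8180, 2);         // QR=1, RD=1, RA=1, RCODE=0
  header.writeUInt16BE(1, 6);              // ANCOUNT
  const txtBytes = Buffer.from(txt, 'utf8');
  const rdata = Buffer.concat([Buffer.from([txtBytes.length]), txtBytes]);
  const rr = Buffer.alloc(10);
  rr.writeUInt16BE(TYPE_TXT, 0); rr.writeUInt16BE(CLASS_IN, 2);
  rr.writeUInt32BE(300, 4); rr.writeUInt16BE(rdata.length, 8);
  return Buffer.concat([header, q.subarray(12), Buffer.from([0xc0, 0x0c]), rr, rdata]);
}

console.log(dohGetUrl(pickResolver(), '_dnslink.example.com'));
console.log(parseTxtAnswers(buildSampleResponse('_dnslink.example.com', 'dnslink=/ipfs/CID_PLACEHOLDER')));
```

In a browser the URL from `dohGetUrl` is fetched with `Accept: application/dns-message` and the response body is passed to `parseTxtAnswers`; because the query ID is always 0 and the encoding is deterministic, the same question yields the same URL, so HTTP caches can serve repeated lookups.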
References
- DNS Queries over HTTPS (DoH): https://tools.ietf.org/html/rfc8484
- A cartoon intro to DNS over HTTPS: https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
- DNS-over-HTTPS in Firefox: https://wiki.mozilla.org/Trusted_Recursive_Resolver
- Test endpoints (rfc8484):