dns-doh

dns-doh is a simple isomorphic DNS-over-HTTPS client library. This module is a work in progress at the IETF103 hackathon and not yet for production use.

Why?

DNS-over-HTTPS (DOH) is new standardization work by the Internet Engineering Task Force, formalized in Internet Draft draft-ietf-doh-dns-over-https-01, that specifies a mechanism for making DNS queries over HTTP (specifically, HTTPS). Such a technology is useful because HTTPS encrypts the request as it transits the network between client and DNS server, whereas "bare DNS" does not (the domain name being requested is sent as clear text in a normal DNS query).
Therefore, under current DNS, network intermediaries are easily able to determine which services users are requesting (and to which IP addresses those service names resolve). This information can be used by the intermediary to block (or at the very least, measure or catalog) access to certain services.

When the client uses DOH in combination with HTTPS (the latter common to most web queries), a network intermediary can "see" only a resolved IP address. Without the "context" provided by having "sniffed" the clear-text host name, it is far more difficult for a malicious intermediary to know which IP addresses should be blocked.

Synopsis


dns-doh is a DNS-over-HTTPS client library implementing RFC8484 that looks up hostnames and returns responses including resolved IPv4 and IPv6 addresses. This simple application just accepts a single domain name and echoes the results (from the configured set of DOH-enabled servers) to the page.

This package is maintained as part of the NetBlocks.org network observation framework.

Features

  • JSON wire format
  • Multiple DOH-enabled DNS resolvers queried
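The following is an added example, not code from the dns-doh project, illustrating the two features above: it builds a DNS-over-HTTPS GET request in the JSON wire format (the application/dns-json format served by resolvers such as Cloudflare and Google; note that RFC 8484 itself defines only the binary application/dns-message format), reduces the JSON answer to its A and AAAA records, and fans one hostname lookup out to several resolvers while keeping each resolver's failure separate. The resolver URLs, the record-type table, and the sample response bodies are assumptions or constructed data, not values taken from dns-doh; the stand-in fetch exists only so the example runs offline.

```javascript
// Added example, not part of the dns-doh project. It demonstrates the
// application/dns-json request/response shape and querying several
// DOH-enabled resolvers for one hostname. Resolver URLs and sample
// responses below are assumptions / constructed data.

const RESOLVERS = [
  'https://cloudflare-dns.com/dns-query', // assumed resolver endpoint
  'https://dns.google/resolve',           // assumed resolver endpoint
];

const RR_TYPE = { A: 1, AAAA: 28 };      // DNS resource record type codes
const TYPE_NAME = { 1: 'A', 28: 'AAAA' };

// Build the GET URL for a dns-json query: <resolver>?name=<host>&type=<rrtype>
function buildQueryUrl(resolver, hostname, type) {
  const url = new URL(resolver);
  url.searchParams.set('name', hostname);
  url.searchParams.set('type', String(type));
  return url.toString();
}

// Reduce a dns-json response body to the addresses we care about.
// Status is the DNS RCODE (0 = NOERROR, 3 = NXDOMAIN); AD is the resolver's
// assertion that the answer validated under DNSSEC. Because the transport is
// HTTPS, that flag cannot be stripped by an on-path intermediary, but it is
// still only as trustworthy as the resolver that set it.
function parseDnsJson(body) {
  if (!body || typeof body.Status !== 'number') {
    throw new Error('malformed dns-json: missing Status');
  }
  const answers = Array.isArray(body.Answer) ? body.Answer : [];
  const addresses = answers
    .filter((rr) => rr.type === RR_TYPE.A || rr.type === RR_TYPE.AAAA)
    .map((rr) => ({ type: TYPE_NAME[rr.type], address: rr.data, ttl: rr.TTL }));
  return { rcode: body.Status, dnssecValidated: body.AD === true, addresses };
}

// Query every resolver for both A and AAAA. Per-resolver failures are kept
// separate so one unreachable or misbehaving resolver does not hide the rest,
// and disagreement between resolvers stays visible to the caller.
async function lookupAll(hostname, { resolvers = RESOLVERS, fetchImpl = globalThis.fetch } = {}) {
  const tasks = resolvers.map(async (resolver) => {
    const addresses = [];
    let dnssecValidated = true;
    for (const type of [RR_TYPE.A, RR_TYPE.AAAA]) {
      const res = await fetchImpl(buildQueryUrl(resolver, hostname, type), {
        headers: { accept: 'application/dns-json' },
      });
      if (!res.ok) throw new Error(`${resolver} returned HTTP ${res.status}`);
      const parsed = parseDnsJson(await res.json());
      if (parsed.rcode !== 0) throw new Error(`${resolver} returned RCODE ${parsed.rcode}`);
      dnssecValidated = dnssecValidated && parsed.dnssecValidated;
      addresses.push(...parsed.addresses);
    }
    return { resolver, dnssecValidated, addresses };
  });
  const settled = await Promise.allSettled(tasks);
  return settled.map((s, i) =>
    s.status === 'fulfilled' ? s.value : { resolver: resolvers[i], error: s.reason.message });
}

// Constructed sample responses (documentation addresses) so the demo runs offline.
const SAMPLE = {
  1: { Status: 0, TC: false, RD: true, RA: true, AD: true, CD: false,
       Question: [{ name: 'example.net.', type: 1 }],
       Answer: [{ name: 'example.net.', type: 1, TTL: 300, data: '192.0.2.10' }] },
  28: { Status: 0, TC: false, RD: true, RA: true, AD: true, CD: false,
        Question: [{ name: 'example.net.', type: 28 }],
        Answer: [{ name: 'example.net.', type: 28, TTL: 300, data: '2001:db8::10' }] },
};

// Stand-in for fetch: serves the sample for the first resolver and an HTTP
// error for the second, to exercise the per-resolver failure path.
function fakeFetch(url) {
  const u = new URL(url);
  const type = Number(u.searchParams.get('type'));
  const ok = u.host === 'cloudflare-dns.com';
  return Promise.resolve({
    ok,
    status: ok ? 200 : 503,
    json: () => Promise.resolve(SAMPLE[type]),
  });
}

lookupAll('example.net', { fetchImpl: fakeFetch })
  .then((results) => console.log(JSON.stringify(results, null, 2)));
```

Dropping the `fetchImpl` option uses the platform `fetch` (browser, or Node 18 and later), which makes the same function usable on both sides of an isomorphic library; the Accept header is what tells a resolver such as Cloudflare to answer in JSON rather than the binary wire format.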
