fix(dns): allow http:// DoH resolvers #645
allows people to run own DoH resolver on the same box or within same secure VLAN/VPN/infra
e99d6ba to f736895
Codecov Report
Attention: Patch coverage is
@@ Coverage Diff @@
## main #645 +/- ##
==========================================
+ Coverage 59.75% 59.87% +0.12%
==========================================
Files 238 238
Lines 29999 29999
==========================================
+ Hits 17926 17963 +37
+ Misses 10450 10418 -32
+ Partials 1623 1618 -5
|
@@ -15,8 +15,8 @@ var defaultResolvers = map[string]string{ | |||
} | |||
|
|||
func newResolver(url string, opts ...doh.Option) (madns.BasicResolver, error) { | |||
if !strings.HasPrefix(url, "https://") { | |||
return nil, fmt.Errorf("invalid resolver url: %s", url) | |||
if !strings.HasPrefix(url, "https://") && !strings.HasPrefix(url, "http://") { |
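Review bot: the relaxed condition `!strings.HasPrefix(url, "https://") && !strings.HasPrefix(url, "http://")` in newResolver accepts a plaintext resolver on any host, while the stated use case is a resolver on the same box or inside a trusted network. Over http:// the queries and answers are neither encrypted nor authenticated, so anything on the path can read or rewrite them. Consider parsing the value with net/url instead of prefix matching and allowing the http scheme only when the host is a loopback or private address, or only behind an explicit opt-in, and document that trade-off next to the resolver setting.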
I don't think this is going to be enough:
https://github.com/libp2p/go-doh-resolver/blob/f2e25860684789200e3a3a911dc9a74d01771d5b/resolver.go#L55
Note: AFAICT there is no DNS-over-HTTP spec; for some reason it's specified as being over HTTPS. However, I definitely see your point and have definitely felt the pain over the self-signed cert dance just to run local resolvers.
Yep, filed this PR because I am looking at https://github.com/libp2p/go-doh-resolver and https://github.com/multiformats/go-multiaddr-dns to wire up TTL (to fix #329 (comment) for DNSLinks), so likely will relax things there as well, and get back to this PR draft.
This PR allows people to run their own DNS over HTTP(S) resolver on the same box or within the same secure LAN, without setting up unnecessary TLS certs.
Main use case is to simplify self-hosting of ENS resolves by gateway operations etc.
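A stricter form of the scheme check discussed in this PR, as an added example that is not code from the PR or from the project. `validateResolverURL` is a hypothetical helper, and its policy (https for any host, http only for `localhost` or a loopback/private IP literal) is an assumption drawn from the use case stated above; the sample URLs are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
	"net/url"
	"strings"
)

// validateResolverURL (hypothetical name) accepts https:// for any host and
// http:// only when the host is "localhost" or a loopback/private IP literal.
func validateResolverURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("invalid resolver url %q: %w", raw, err)
	}
	host := u.Hostname() // strips the port and IPv6 brackets
	if host == "" {
		return fmt.Errorf("invalid resolver url %q: missing host", raw)
	}
	switch u.Scheme {
	case "https":
		return nil
	case "http":
		// Assumption: "localhost" resolves to loopback on this machine.
		if strings.EqualFold(host, "localhost") {
			return nil
		}
		// Require an IP literal so the decision does not depend on a DNS lookup.
		addr, err := netip.ParseAddr(host)
		if err != nil {
			return fmt.Errorf("plaintext resolver %q must use localhost or an IP literal", raw)
		}
		addr = addr.Unmap() // treat ::ffff:a.b.c.d as its IPv4 address
		if addr.IsLoopback() || addr.IsPrivate() {
			return nil
		}
		return fmt.Errorf("plaintext resolver %q is not on a loopback or private address", raw)
	default:
		return fmt.Errorf("invalid resolver url %q: unsupported scheme %q", raw, u.Scheme)
	}
}

func main() {
	// Constructed sample inputs.
	for _, s := range []string{"https://resolver.example/dns-query", "http://127.0.0.1:8053/dns-query",
		"http://[::1]:8053/dns-query", "http://10.0.0.5/dns-query", "http://8.8.8.8/dns-query"} {
		fmt.Printf("%-40s -> %v\n", s, validateResolverURL(s))
	}
}
```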