Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature request: DNS over HTTPS in Go to replace Unbound #137

Open
qdm12 opened this issue Apr 12, 2020 · 10 comments · Fixed by #1742
Open

Feature request: DNS over HTTPS in Go to replace Unbound #137

qdm12 opened this issue Apr 12, 2020 · 10 comments · Fixed by #1742
Assignees

Comments

@qdm12
Copy link
Owner

qdm12 commented Apr 12, 2020

We should adopt https://github.com/qdm12/dns/releases/tag/v2.0.0-rc5 even if it has no DNSSEC validation builtin yet. Main reason being most domains are not DNSSEC secured, and so your DNS provider (cloudflare, google etc.) can lie about the records for these unsecured domains, even if you can securely proof these are unsecured. So not really a point so much, although this will be done (see qdm12/dns#97)

This is blocked by an upgrade of the qdm12/gosettings library to v0.4.0-rc9

@denizdogan
Copy link

I just wanted to check in on the progress here! Are we there yet? 😄

@qdm12
Copy link
Owner Author

qdm12 commented Jun 11, 2022

It's still a work in progress at https://github.com/qdm12/dns/tree/v2.0.0-beta I can't give an exact timeline, but it's almost done.

@jcheroske
Copy link

It would be great if a specific DoT server could be specified, and not just providers. Not sure if this is doable now, but I haven't been able to find it.

@frepke
Copy link
Collaborator

frepke commented Apr 30, 2023

It's still a work in progress at https://github.com/qdm12/dns/tree/v2.0.0-beta I can't give an exact timeline, but it's almost done.

Hi Quentin, any information available?
And can we expect an implementation in Gluetun when it's ready?

@qdm12
Copy link
Owner Author

qdm12 commented Jul 11, 2023

Can anyone try image qmcgaw/gluetun:pr-1742? It uses DNS over TLS in Go which I wrote with my own lil' fingers (arguably better than dns over https). Options should all be the same as before. The main difference is it doesn't do DNSSEC validation, which, after a lot of digging, turns out to be not that useful. I'll work on it though, but it doesn't feel like a blocking priority to drop Unbound.

This will allow a lot more options and customizations (even Prometheus metrics at some point, it's already in the dns server Go code).

@pduchnovsky
Copy link

pduchnovsky commented Jan 6, 2024

Can anyone try image qmcgaw/gluetun:pr-1742? It uses DNS over TLS in Go which I wrote with my own lil' fingers (arguably better than dns over https). Options should all be the same as before. The main difference is it doesn't do DNSSEC validation, which, after a lot of digging, turns out to be not that useful. I'll work on it though, but it doesn't feel like a blocking priority to drop Unbound.

This will allow a lot more options and customizations (even Prometheus metrics at some point, it's already in the dns server Go code).

What needs to be tested exactly ?
Also, how safe is it to test this version in 'production' at this stage ? :D
Also, this would bring no improvement for people using DOT=off with DNS_PLAINTEXT_ADDRESS= right.
I am experiencing huge spikes in memory usage even with these settings so I was looking for a solution, even with 1500 mem limits gluetun reaches max memory and gets killed off, breaking remaining connections etc.. :/
This is with 50MB/s usage.

@gaby
Copy link

gaby commented Mar 27, 2024

@qdm12 Why not use CoreDNS? That way people can use their CoreFile and also get access to all the functionality of CoreDNS. It's based in Go

Copy link
Contributor

Closed issues are NOT monitored, so commenting here is likely to be not seen.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project
which became too popular to monitor issues closed.

1 similar comment
Copy link
Contributor

Closed issues are NOT monitored, so commenting here is likely to be not seen.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project
which became too popular to monitor issues closed.

@qdm12
Copy link
Owner Author

qdm12 commented Nov 7, 2024

Re-opening because the implementation is not supporting DNS over HTTPs yet (the dns library does, but the gluetun code was not adapted yet)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants