[dns-operations] 答复: A dns-proxy for DNS over HTTP(s)

Davey Song (宋林健) ljsong at biigroup.cn
Sat May 16 08:03:52 UTC 2015


Note that it will fail if some query loop happened in proxy GW. For example the case I just offer :  proxy_dns_gw -s "http://fcgi.dnsv6lab.net" -l ::,53. If the GW server happens to  use 127.0.0.1 as one of its /etc/resolv.conf nameservers, then proxy_dns_gw will not be able to run any dns queries of its own (fcgi.dnsv6lab in this case).

The ::1,:: and 127.0.0.1 are obvious  loops. But if you run gw on A pointing its -s at B, and B's resolv.conf is A, that will fail as well. It happens when anyone want to put the test environment in LAN or between Virtual boxes. 

Although it is not typical use case , we will try to  fix it to accommodate both requirements: 1) to list local server into resolv.conf , 2)to use domain for the server instead of literal IP address.

Davey

发件人: dns-operations [mailto:dns-operations-bounces at dns-oarc.net] 代表 Davey Song (宋林健)
发送时间: 2015年5月16日 13:49
收件人: dns-operations at dns-oarc.net
主题: [dns-operations] A dns-proxy for DNS over HTTP(s)

Hi folks,

There is an interesting open source project for DNS over HTTP(s): https://github.com/BII-Lab/DNSoverHTTP . 

In this project we intend to provide an easy way to deploy and use the feature of HTTP(s) for DNS transactions which provides capability for privacy consideration, transparence to the middle box, persistent TCP connection etc. it is worth to mention that the protocol used by the dns_proxy service is alarmingly simple. There's no JSON or XML encoding provide; the DNS query and response are sent as raw binary via the "libcurl" library on the client side and the "libfcgi" library on the server side. 

The current software is conceived and drafted by Paul Vixie during WIDE CAMP 2015-03. Engineers from BII lab help for testing and maintenance. Now It works for both IPv4/IPv6, UDP/TCP, EDNS0. We encourage more people to join us by forking, submitting optimized changes and using it. Now There is already serval servers running for testing:

 http://[2001:559:8000:cd::5]
 http://24.104.150.209
 http://fcgi.dnsv6lab.net (IPv6-only)
 
For example when you install the client: 
proxy_dns_gw -s "http://fcgi.dnsv6lab.net" -l ::,53  OR  proxy_dns_gw -s " http://24.104.150.209" -l 127.0.0.1,53

Please feel free to try and report any error or suggestions to us (Paul, Davey or just propose in this ML)

Cheers,
Davey

------------------------
Davey Song 宋林健
Director of BII Lab
Telephone: 86+13810106659








More information about the dns-operations mailing list