Re: [gnu-soc] [Bug-wget] GSoC'18: DNS over HTTPS.

From: Daniel Stenberg
Subject: Re: [gnu-soc] [Bug-wget] GSoC'18: DNS over HTTPS.
Date: Wed, 21 Mar 2018 23:26:07 +0100 (CET)
User-agent: Alpine 2.20 (DEB 67 2015-01-07)

On Wed, 21 Mar 2018, Aniketh Gireesh wrote:

> I was interested in a project inside Wget2 called DNS-over-HTTPS and I have prepared a proposal for the same[1].

Here's some quick minor feedback from me on the proposal and the project. Overall it seems like a sensible approach. I've implemented DNS-over-HTTPS for Firefox and my feedback here is only as an individual with an interest to help out.

- When specifying a DOH resolver to wget, it should rather be a full URI.
  Just a host name or an IP address will not be enough. DOH is performed
  against URIs. The same host can run many different servers, DOH and others.

- Since this is HTTPS and you won't find many servers with certs for IPs out
  there, you can be sure you'll need to use host names in the URI so that
  the cert checks work out.

- Since you'll then need to resolve a host name to reach the resolver, you
  need to solve the bootstrap: you either need a configured IP for the host or
  you need to use the native resolver first to find the IP to the DOH

- "Send them in parallel if possible (not sure how DoH specifies this)" - You
  don't really send them in parallel since you use a single connection, but
  since you'll use http2 they will just be two small requests sent next to
  each other on the connection.

Good luck!
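
The resolver-configuration points in the message above (full URI, host name for the cert check, bootstrap), sketched as a check. This is an added example, not part of the original message and not Wget2 code; the function and enum names, `doh.example.net` and the paths are assumptions made up for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
/* Outcome of checking a configured DOH resolver value (hypothetical names). */
enum doh_check {
    DOH_HOSTNAME_URI,  /* https + host name: cert check works, host needs bootstrap */
    DOH_IP_URI,        /* https + IP literal: no bootstrap, but certs for IPs are rare */
    DOH_NOT_HTTPS_URI, /* bare host name/IP or another scheme: rejected */
    DOH_BAD_HOST       /* empty, malformed or over-long host part */
};

/* Classify a resolver setting; on success the host part is copied to host[]. */
enum doh_check doh_check_resolver(const char *uri, char *host, size_t hostlen)
{
    static const char scheme[] = "https://";
    unsigned char addr[sizeof(struct in6_addr)];
    if (strncasecmp(uri, scheme, sizeof scheme - 1) != 0)
        return DOH_NOT_HTTPS_URI;
    const char *auth = uri + sizeof scheme - 1;
    size_t len = strcspn(auth, "/?#");          /* authority ends here */
    const char *at = memchr(auth, '@', len);    /* skip optional userinfo */
    if (at) { len -= (size_t)(at + 1 - auth); auth = at + 1; }
    if (len > 0 && auth[0] == '[') {            /* bracketed IPv6 literal */
        const char *end = memchr(auth, ']', len);
        if (!end) return DOH_BAD_HOST;
        auth++; len = (size_t)(end - auth);
    } else {                                    /* strip optional :port */
        const char *colon = memchr(auth, ':', len);
        if (colon) len = (size_t)(colon - auth);
    }
    if (len == 0 || len >= hostlen) return DOH_BAD_HOST;
    memcpy(host, auth, len);
    host[len] = '\0';
    if (inet_pton(AF_INET, host, addr) == 1 || inet_pton(AF_INET6, host, addr) == 1)
        return DOH_IP_URI;
    return DOH_HOSTNAME_URI;
}

int main(void)
{
    /* Constructed sample settings; doh.example.net and the paths are made up. */
    const char *samples[] = { "doh.example.net", "https://192.0.2.53/doh-a",
                              "https://doh.example.net/doh-a" };
    char host[256];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-32s -> %d\n", samples[i], (int)doh_check_resolver(samples[i], host, sizeof host));
    return 0;
}
```

A `DOH_HOSTNAME_URI` result is the case that still needs a configured IP or a native lookup for the returned host before the first DOH request can be sent.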
