nginx-dns doesn’t unpad queries nor pads responses #2

Open
jedisct1 opened this issue Dec 4, 2019 · 0 comments

jedisct1 commented Dec 4, 2019

The sizes of DNS queries and their responses are among the most important features that can be used to classify encrypted DNS traffic.

To mitigate this, implementing padding is essential and is mentioned in the DoH specification (RFC8484).

Padding can be done with HTTP/2 padding frames (RFC7540 § 6.1), by rewriting DNS packets to include or remove the EDNS(0) padding option (RFC7830), or by adding a dummy HTTP/2 header (guaranteed to not be compressed) to make the total length a multiple of the block size.

For DoT, DNS packets must be modified to add or remove the EDNS(0) padding option.

jedisct1 changed the title from "nginx-dns doesn’t unpad queries nor pad responses" to "nginx-dns doesn’t unpad queries nor pads responses" on Dec 4, 2019
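One way to do the EDNS(0) padding rewrite the issue describes (RFC 7830), as an added example that is not nginx-dns code and not the issue author's: `unpad` strips the Padding option from a message and `pad` brings a message up to a multiple of a block size. The function names, the Node.js `Buffer` API, the sample query and the assumption that the OPT record is the last record in the message are all choices made for this example.

```javascript
// Added example, not nginx-dns code. Assumes OPT is the last RR in the message.
const OPT = 41, PADDING = 12; // OPT RR type (RFC 6891), Padding option code (RFC 7830)
// Constructed sample: query for example.com A with an empty OPT RR (40 octets).
const SAMPLE = Buffer.from('123401000001000000000001076578616d706c6503636f6d00' +
  '00010001' + '0000291000000000000000', 'hex');
// Offset just past the DNS name that starts at `off`.
function skipName(msg, off) {
  while (msg[off] > 0 && msg[off] < 0xc0) off += 1 + msg[off]; // walk the labels
  if (off >= msg.length) throw new RangeError('truncated name');
  return msg[off] === 0 ? off + 1 : off + 2; // root label or compression pointer
}
// Offset of the RDLENGTH field of the OPT RR in the additional section, or -1.
function findOpt(msg) {
  let off = 12; // questions start after the fixed 12-octet header
  for (let i = msg.readUInt16BE(4); i > 0; i--) off = skipName(msg, off) + 4;
  const skip = msg.readUInt16BE(6) + msg.readUInt16BE(8); // answer + authority RRs
  for (let i = 0, n = skip + msg.readUInt16BE(10); i < n; i++) {
    off = skipName(msg, off);
    if (i >= skip && msg.readUInt16BE(off) === OPT) return off + 8;
    off += 10 + msg.readUInt16BE(off + 8);
  }
  return -1;
}
// Copy of `msg` whose OPT RDATA holds the options accepted by `keep`, then `extra`.
function rewriteOpt(msg, lenOff, keep, extra) {
  const end = lenOff + 2 + msg.readUInt16BE(lenOff), parts = [];
  for (let p = lenOff + 2; p + 4 <= end;) {
    const next = p + 4 + msg.readUInt16BE(p + 2);
    if (keep(msg.readUInt16BE(p))) parts.push(msg.subarray(p, next));
    p = next;
  }
  const rdata = Buffer.concat([...parts, extra]), len = Buffer.alloc(2);
  len.writeUInt16BE(rdata.length);
  return Buffer.concat([msg.subarray(0, lenOff), len, rdata, msg.subarray(end)]);
}
// Strip the Padding option, e.g. from a query before it is forwarded upstream.
function unpad(msg) {
  const lenOff = findOpt(msg);
  return lenOff < 0 ? msg : rewriteOpt(msg, lenOff, (c) => c !== PADDING, Buffer.alloc(0));
}
// Pad to a multiple of `block` octets with a single zero-filled Padding option.
function pad(msg, block) {
  const bare = unpad(msg), lenOff = findOpt(bare);
  if (lenOff < 0) return bare; // no OPT RR to carry the option
  const opt = Buffer.alloc(4 + (block - ((bare.length + 4) % block)) % block);
  opt.writeUInt16BE(PADDING, 0);
  opt.writeUInt16BE(opt.length - 4, 2);
  return rewriteOpt(bare, lenOff, () => true, opt);
}
```

With the 40-octet sample, `pad(SAMPLE, 128)` returns a 128-octet message whose OPT record carries one Padding option of 84 zero octets, and `unpad` on that result gives back the original bytes.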