feat(gateway): allow localhost http:// DoH resolvers #645
Codecov Report
Attention: Patch coverage is

```diff
@@            Coverage Diff             @@
##             main     #645      +/-   ##
==========================================
+ Coverage   60.50%   60.55%   +0.04%
==========================================
  Files         245      245
  Lines       31133    31133
==========================================
+ Hits        18838    18852      +14
+ Misses      10621    10607      -14
  Partials     1674     1674
```
allows people to run own DoH resolver on the same box or within same secure VLAN/VPN/infra
This PR works and for tools like CoreDNS that support DNS over HTTP (and not just HTTPS) this might be enough. If there's not enough support here folks might end up asking us for DNS over UDP / TCP support, but we can tackle that as the need arises. For what it's worth a nice thing about pushing on DNS-over-HTTP is that it makes it easier for folks who want to self-host while also using web-browsers since UDP/TCP are not available to JavaScript in browsers. For some cases like ENS this might not be a big deal since they can wrap the Ethereum JSON-RPC, but it might matter for other name systems.
Updated the comment above given that CoreDNS does support DNS-over-HTTP in addition to DNS-over-HTTPS. FYI CoreDNS (and therefore the CoreDNS ENS resolver) supports DNS-over-HTTP, although the UX for this is that you configure listening on "https://" rather than "http://" and just not pass a certificate (which is what tripped me up initially 😅). I think we should be good to go on a merge here, pending reviews.
@aschmahmann thank you for adding tests and libp2p/go-doh-resolver#28. LGTM. I've reviewed libp2p/go-doh-resolver#28, limited it to Merging as it cleans up go.mod a bit as well.
commit from main branch that includes: ipfs/boxo#645 ipfs/boxo#782 ipfs/boxo#781
* fix(dns): update default DNSLink resolvers
  Depends on
  - ipfs/boxo#781
  - ipfs/boxo#782
* chore: latest boxo main and go-doh-resolver v0.5.0
  makes error message better, informing which URL failed
* chore: p2p-forge v0.2.1+
  this removes acmez/v2 and fixes go vet
* chore: latest boxo with DoH fixes
  commit from main branch that includes: ipfs/boxo#645 ipfs/boxo#782 ipfs/boxo#781

* fix(dns): update default DNSLink resolvers
  Depends on
  - ipfs/boxo#781
  - ipfs/boxo#782
* chore: latest boxo main and go-doh-resolver v0.5.0
  makes error message better, informing which URL failed
* chore: p2p-forge v0.2.1+
  this removes acmez/v2 and fixes go vet
* chore: latest boxo with DoH fixes
  commit from main branch that includes: ipfs/boxo#645 ipfs/boxo#782 ipfs/boxo#781

(cherry picked from commit b021a00)
This PR allows people to run their own DNS over HTTP(S) resolver on the same box (localhost) without setting up unnecessary TLS certs.
The main use case is to simplify self-hosting of non-ICANN DNS systems such as an ENS resolver (https://github.com/ethlimo/limo-web3-dns) by gateway operators who don't want to trust third-party DNS resolvers.
[ ] relax https://github.com/multiformats/go-multiaddr-dns (if needed) (doesn't appear to be needed)