AdGuardDNS icon indicating copy to clipboard operation
AdGuardDNS copied to clipboard

Published 20 hours ago verified publisher icon AdguardTeam

Oblivious DNS over HTTPS RFC 9230

Open ghost opened this issue 1 year ago • 1 comments

Issue Details

Issue raised for a day when ODoH is no longer experimental. I presume being privacy focused, AdGuard will want to include this protocol in their lineup.

https://www.rfc-editor.org/info/rfc9230

Abstract This document describes a protocol that allows clients to hide their IP addresses from DNS resolvers via proxying encrypted DNS over HTTPS (DoH) messages. This improves privacy of DNS operations by not allowing any one server entity to be aware of both the client IP address and the content of DNS queries and answers.

This experimental protocol has been developed outside the IETF and is published here to guide implementation, ensure interoperability among implementations, and enable wide-scale experimentation.

Proposed solution

No response

Alternative solution

No response

ghost avatar Jun 03 '23 08:06 ghost

This one's good question. We should probably support ODoH on the client side, i.e. in DnsLibs and dnsproxy/AdGuard Home, but I am not entirely sure about the ODoH proxy implementation and whether we should do this or not.

dnsproxy task: https://github.com/AdguardTeam/dnsproxy/issues/332

ameshkov avatar Jun 03 '23 10:06 ameshkov