fix(dns): allow http:// DoH resolvers

Open lidel opened this issue 1 year ago • 1 comments

This PR allows people to run their own DNS over HTTP(S) resolver on the same box or within the same secure LAN, without setting up unnecessary TLS certs.

Main use case is to simplify self-hosting of ENS resolves by gateway operations etc.

  • [ ] relax https://github.com/libp2p/go-doh-resolver/blob/f2e25860684789200e3a3a911dc9a74d01771d5b/resolver.go#L55
  • [ ] relax https://github.com/multiformats/go-multiaddr-dns (if needed)
  • [ ] test end-to-end with localhost resolver

lidel avatar Jul 29 '24 21:07 lidel

Codecov Report

Attention: Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.

Project coverage is 60.55%. Comparing base (08526ad) to head (df49e98). Report is 1 commits behind head on main.

| Files with missing lines | Patch % | Lines |
| --- | --- | --- |
| gateway/dns.go | 0.00% | 1 Missing and 1 partial :warning: |

@@            Coverage Diff             @@
##             main     #645      +/-   ##
==========================================
+ Coverage   60.50%   60.55%   +0.04%     
==========================================
  Files         245      245              
  Lines       31133    31133              
==========================================
+ Hits        18838    18852      +14     
+ Misses      10621    10607      -14     
  Partials     1674     1674              

| Files with missing lines | Coverage Δ |
| --- | --- |
| gateway/dns.go | 60.00% <0.00%> (+22.22%) :arrow_up: |

... and 8 files with indirect coverage changes

codecov[bot] avatar Jul 29 '24 21:07 codecov[bot]

Main use case is to simplify self-hosting of ENS resolves by gateway operations etc.

This PR works and for tools like CoreDNS that support DNS over HTTP (and not just HTTPS) this might be enough. If there's not enough support here folks might end up asking us for DNS over UDP / TCP support, but we can tackle that as the need arises.

For what it's worth a nice thing about pushing on DNS-over-HTTP is that it makes it easier for folks who want to self-host while also using web-browsers since UDP/TCP are not available to javascript in browsers. For some cases like ENS this might not be a big deal since they can wrap the Ethereum JSON-RPC, but it might matter for other name systems.

aschmahmann avatar Dec 23 '24 19:12 aschmahmann

Updated the comment above given that CoreDNS does support DNS-over-HTTP in addition to DNS-over-HTTPS.

FYI CoreDNS (and therefore the CoreDNS ENS resolver) supports DNS-over-HTTP, although the UX for this is that you configure listening on "https://" rather than "http://" and just not pass a certificate (which is what tripped me up initially 😅).

I think we should be good to go on a merge here, pending reviews.

aschmahmann avatar Dec 23 '24 21:12 aschmahmann

@aschmahmann thank you for adding tests and https://github.com/libp2p/go-doh-resolver/pull/28. Lgtm.

I've reviewed https://github.com/libp2p/go-doh-resolver/pull/28, limited it to localhost, merged, released, and switched this PR to go-doh-resolver v0.5.0.

Merging as it cleans up go.mod a bit as well.

lidel avatar Jan 08 '25 22:01 lidel
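
The localhost restriction mentioned in the last comment can be expressed as a scheme and host check on the resolver URL. The sketch below is an added example, not code from boxo or go-doh-resolver; `validateDoHURL` and `isLoopbackHost` are hypothetical names and the sample endpoints are constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// isLoopbackHost reports whether host is "localhost" or a loopback IP literal.
// Names are never resolved, so "localhost.example.net" does not qualify.
func isLoopbackHost(host string) bool {
	if strings.EqualFold(host, "localhost") {
		return true
	}
	ip := net.ParseIP(host)
	return ip != nil && ip.IsLoopback()
}

// validateDoHURL (hypothetical name) accepts https:// resolvers on any host
// and cleartext http:// resolvers only when they point at the local machine.
func validateDoHURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("invalid DoH resolver URL %q: %w", raw, err)
	}
	host := u.Hostname() // strips port, brackets and any userinfo
	switch {
	case host == "":
		return fmt.Errorf("DoH resolver URL %q has no host", raw)
	case u.Scheme == "https", u.Scheme == "http" && isLoopbackHost(host):
		return nil
	case u.Scheme == "http":
		return fmt.Errorf("cleartext DoH resolver %q is only allowed on localhost", raw)
	}
	return fmt.Errorf("unsupported DoH resolver scheme %q", u.Scheme)
}

func main() {
	// Constructed sample endpoints, not taken from the PR.
	for _, raw := range []string{
		"https://dns.example.net/dns-query",
		"http://[::1]:8053/dns-query",
		"http://192.168.1.10/dns-query",
		"http://localhost.example.net/dns-query",
	} {
		fmt.Printf("%-42s -> %v\n", raw, validateDoHURL(raw))
	}
}
```

The check works on the parsed hostname rather than a string prefix, so a URL such as `http://localhost@dns.example.net/` is judged by its real host and rejected.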