
track DNS HTTPS Resource Records

Open eighthave opened this issue 2 years ago • 0 comments

@hellais when we last met, we discussed OONI tracking HTTPS DNS requests. This is a follow-up to track that. The new HTTPS RR is a new DNS request that lets clients/browsers do a single DNS request and get all of the required info needed to make a direct, modern HTTPS connection without extra roundtrips for auto-detection. For example:

  • IPv4 / IPv6
  • TCP port number
  • HTTP/2 or HTTP/3
  • ECHConfig

I estimate there will be two kinds of blocking activities related to HTTPS RRs that would be quite useful to track:

  • Different HTTPS RRs served from the same DoH server but in different regions (e.g. specific legal orders, takedowns, etc.)
  • Neutral HTTPS RRs not available from DNS servers in specific regions (ISPs/govs/etc attempting to restrict the general usage of HTTPS RRs).

This is related to https://github.com/ooni/probe-cli/pull/1217

@sftcd @aaronkaplan @bassosimone FYI

eighthave Oct 03 '23 11:10
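
As an added illustration (not part of the original issue and not OONI's code), this Python example decodes HTTPS RR RDATA in the RFC 9460 wire format and reports which SvcParams differ between two vantage points, the first kind of interference listed in the issue. The function names and the sample bytes are constructed for this example.

```python
import ipaddress
import struct

# SvcParamKey numbers from RFC 9460 (ech is key 5).
KEYS = {1: "alpn", 3: "port", 4: "ipv4hint", 5: "ech", 6: "ipv6hint"}

def parse_https_rdata(rdata: bytes) -> dict:
    """Decode HTTPS RR RDATA: SvcPriority, TargetName, SvcParams."""
    (priority,) = struct.unpack_from("!H", rdata, 0)
    pos, labels = 2, []
    while True:  # TargetName: uncompressed labels, ends with a zero length
        n = rdata[pos]
        pos += 1
        if n == 0:
            break
        labels.append(rdata[pos:pos + n].decode("ascii"))
        pos += n
    params = {}
    while pos < len(rdata):
        key, length = struct.unpack_from("!HH", rdata, pos)
        val = rdata[pos + 4:pos + 4 + length]
        if len(val) != length:
            raise ValueError("truncated SvcParam")
        pos += 4 + length
        name = KEYS.get(key, f"key{key}")
        if name == "alpn":  # list of 1-byte length-prefixed protocol ids
            ids, i = [], 0
            while i < len(val):
                ids.append(val[i + 1:i + 1 + val[i]].decode("ascii"))
                i += 1 + val[i]
            val = ids
        elif name == "port":
            (val,) = struct.unpack("!H", val)
        elif name in ("ipv4hint", "ipv6hint"):
            size = 4 if name == "ipv4hint" else 16
            val = [str(ipaddress.ip_address(val[i:i + size]))
                   for i in range(0, len(val), size)]
        params[name] = val  # ech stays as opaque ECHConfigList bytes
    return {"priority": priority, "target": ".".join(labels) or ".", "params": params}

def diff_answers(control: dict, probe: dict) -> dict:
    """Return SvcParams whose values differ between two vantage points."""
    keys = set(control["params"]) | set(probe["params"])
    return {k: (control["params"].get(k), probe["params"].get(k))
            for k in sorted(keys)
            if control["params"].get(k) != probe["params"].get(k)}

# Constructed sample RDATA (not real measurements): priority 1, target ".".
_BASE = b"\x00\x01\x00" b"\x00\x01\x00\x06\x02h3\x02h2" b"\x00\x04\x00\x04\xc0\x00\x02\x01"
CONTROL = _BASE + b"\x00\x05\x00\x04\xde\xad\xbe\xef"  # placeholder ech bytes
PROBE = _BASE                                          # same answer, ech missing
```

Here `diff_answers(parse_https_rdata(CONTROL), parse_https_rdata(PROBE))` reports only the `ech` parameter, present in the control answer and absent from the probe answer.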