
QUIC support

Open pforemski opened this issue 8 years ago • 5 comments

DNS over QUIC is the reason why I started the project. Implementation would require a decent QUIC client library for Go, which I believe isn't available yet.

pforemski, Oct 13 '16 15:10

I'm waiting for a QUIC client library in pure Go from the quic-go project: https://github.com/lucas-clemente/quic-go/issues/310#issuecomment-253476265

pforemski, Oct 13 '16 21:10

+1

heri16, Nov 11 '16 05:11

Started in https://github.com/pforemski/dingo/commit/e3f018df1fc377aba815af8817124c3a1949fa4a - works but with some issues.

pforemski, Jan 18 '17 10:01

QUIC support still seems broken. Here is an example error msg

i/o timeout (Client.Timeout exceeded while awaiting headers)

gripedthumbtacks, Apr 17 '17 20:04

So, there is a chicken and egg problem here. In order to utilize QUIC support, the QUIC crypto negotiation requires a DNS lookup, but where is that supposed to be handled if all DNS traffic is being filtered and only going over dingo? Do you see the issue? When using non-quic mode, you can set -gdns:server 1.2.3.4 or whatever IP address there to bypass the DNS lookup required to bootstrap dingo. However, there is no way to pass a static IP address to the -quic option, so when the QUIC protocol attempts to negotiate with dns.google.com, for instance, dingo attempts to perform a DNS lookup on that host. Attempting to bypass this using -gdns:sni and/or -gdns:host with a static IP will fail since the Google servers reject IP virtual hosts (for legitimate security reasons and QUIC client cannot easily verify the certificate chain). The question is, where is this QUIC DNS lookup being generated in the code (or is it in an upstream library) and can there be a bypass like the -gdns:server option to bypass the DNS lookup and pass an IP for the QUIC crypto negotiation to skip the DNS lookup?

QUIC appears to be using the -gdns:host value. So, I would propose a change that when -quic is enabled, the QUIC crypto negotiation utilize the -gdns:server value if it is a static IP address in place of the QUIC DNS lookup. Or, add a separate -qdns:host option that allows setting a static IP. Which do you prefer if we were to make a patch? Or do you have a preference?

gripedthumbtacks, Nov 29 '17 01:11
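The bootstrap problem raised in the last comment comes down to separating the address a client connects to from the hostname it uses for SNI and certificate verification. The sketch below is an added example, not dingo's code and not from the thread: it shows that separation with Go's standard `net/http` over TLS rather than a QUIC library. `pinAddr` and `newPinnedClient` are hypothetical names, and `192.0.2.53` is a constructed documentation address.

```go
package main

import (
	"context"
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"time"
)

// pinAddr (hypothetical helper) rewrites "host:port" to "ip:port" for pinned hosts only.
func pinAddr(pins map[string]string, addr string) (string, error) {
	host, port, err := net.SplitHostPort(addr)
	if err != nil {
		return "", err
	}
	ip, ok := pins[host]
	if !ok {
		return addr, nil // unpinned hosts still resolve through the system resolver
	}
	if net.ParseIP(ip) == nil {
		return "", fmt.Errorf("pin for %q is not an IP address: %q", host, ip)
	}
	return net.JoinHostPort(ip, port), nil
}

// newPinnedClient (hypothetical) connects to the pinned IP without a DNS lookup,
// but still sends host as SNI and verifies the certificate chain against host.
func newPinnedClient(host, ip string) *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second}
	return &http.Client{
		Timeout: 10 * time.Second,
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{ServerName: host, MinVersion: tls.VersionTLS12},
			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
				target, err := pinAddr(map[string]string{host: ip}, addr)
				if err != nil {
					return nil, err
				}
				return d.DialContext(ctx, network, target)
			},
		},
	}
}

func main() { // 192.0.2.53 is a constructed RFC 5737 address, not a real resolver
	fmt.Println(pinAddr(map[string]string{"dns.google.com": "192.0.2.53"}, "dns.google.com:443"))
}
```

Because the URL and `ServerName` keep the hostname, certificate validation stays intact; only the lookup is skipped, so a wrong or hijacked pinned IP fails the handshake instead of being trusted.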