fix(dns): allow http:// DoH resolvers #645
Conversation
allows people to run own DoH resolver on the same box or within same secure VLAN/VPN/infra
lidel
force-pushed
the
fix/allow-local-doh-endpoints
branch
from
e99d6ba
to
f736895
Compare
Codecov ReportAttention: Patch coverage is
@@ Coverage Diff @@
## main #645 +/- ##
==========================================
+ Coverage 59.75% 59.87% +0.12%
==========================================
Files 238 238
Lines 29999 29999
==========================================
+ Hits 17926 17963 +37
+ Misses 10450 10418 -32
+ Partials 1623 1618 -5
|
| @@ -15,8 +15,8 @@ var defaultResolvers = map[string]string{ | |||
| } | |||
|
|
|||
| func newResolver(url string, opts ...doh.Option) (madns.BasicResolver, error) { | |||
| if !strings.HasPrefix(url, "https://") { | |||
| return nil, fmt.Errorf("invalid resolver url: %s", url) | |||
| if !strings.HasPrefix(url, "https://") && !strings.HasPrefix(url, "http://") { | |||
There was a problem hiding this comment.
I don't think this is going to be enough:
https://github.com/libp2p/go-doh-resolver/blob/f2e25860684789200e3a3a911dc9a74d01771d5b/resolver.go#L55
Note: AFAICT there is no DNS-over-HTTP spec for some reason it's specified as being over HTTPS, however I definitely see your point and have definitely felt the pain over the self-signed cert dance just to run local resolvers
There was a problem hiding this comment.
Yep, filled this PR because I am looking at https://github.com/libp2p/go-doh-resolver and https://github.com/multiformats/go-multiaddr-dns to wire up TTL (to fix #329 (comment) for DNSLinks), so likely will relax things there as well, and get back to this PR draft.
This PR allows people to run own DNS over HTTP(S) resolver on the same box or within same secure LAN, without setting up unnecessary TLS certs.
Main use case is to simplify self-hosting of ENS resolves by gateway operations etc.