Re: [Dnsmasq-discuss] Implementation of DOH in dnsmasq
On Wed, Jun 20, 2018 at 10:11:53AM +0200, Nicolas Cavallari wrote:
> On 14/06/2018 22:32, Kurt H Maier wrote:
> > On Thu, Jun 14, 2018 at 09:38:42PM +0200, Mateusz Jończyk wrote:
> >>
> >> How difficult would it be to add support to DNS over HTTP/2.0 in dnsmasq, for
> >> example in constrained environments like home routers?
> >>
> >
> > This should be handled with a wrapper program. HTTP/2.0 is an enormous
> > and ill-defined specification and it would not be appropriate to bolt it
> > directly into dnsmasq. A dedicated HTTP/2.0 daemon can talk to dnsmasq
> > on the backend to provide this service. Home routers are not
> > particularly constrained in this regard, since they generally have web
> > services running to begin with.
>
> It's much more than that. To be secure, TLS requires time, entropy and a CA
> list. Many home routers fail at having all three, or require the DNS to get
> time and CAs...
>
> >> Please send any replies to the DoH mailing list at .
> >
> > Why?
>
> Because by doing so you will be subjected to the various IETF policies that
> apply to anyone participating on the IETF mailing list, which includes
> copyright grants, patents disclosure and other things that should be read by a
> lawyer.
>

No new text, just doing the

} Please send any replies to the DoH mailing list at .

Regards
Geert Stappers
Subscriber of mailinglist dnsmasq-discuss@lists.thekelleys.org.uk
--
Live and let live

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Re: [Dnsmasq-discuss] Implementation of DOH in dnsmasq
On 14/06/2018 22:32, Kurt H Maier wrote:
> On Thu, Jun 14, 2018 at 09:38:42PM +0200, Mateusz Jończyk wrote:
>>
>> How difficult would it be to add support to DNS over HTTP/2.0 in dnsmasq, for
>> example in constrained environments like home routers?
>>
>
> This should be handled with a wrapper program. HTTP/2.0 is an enormous
> and ill-defined specification and it would not be appropriate to bolt it
> directly into dnsmasq. A dedicated HTTP/2.0 daemon can talk to dnsmasq
> on the backend to provide this service. Home routers are not
> particularly constrained in this regard, since they generally have web
> services running to begin with.

It's much more than that. To be secure, TLS requires time, entropy and a CA
list. Many home routers fail at having all three, or require the DNS to get
time and CAs...

>> Please send any replies to the DoH mailing list at .
>
> Why?

Because by doing so you will be subjected to the various IETF policies that
apply to anyone participating on the IETF mailing list, which includes
copyright grants, patents disclosure and other things that should be read by a
lawyer.
Re: [Dnsmasq-discuss] Implementation of DOH in dnsmasq
On Thu, Jun 14, 2018 at 09:38:42PM +0200, Mateusz Jończyk wrote:
>
> How difficult would it be to add support to DNS over HTTP/2.0 in dnsmasq, for
> example in constrained environments like home routers?
>

This should be handled with a wrapper program. HTTP/2.0 is an enormous
and ill-defined specification and it would not be appropriate to bolt it
directly into dnsmasq. A dedicated HTTP/2.0 daemon can talk to dnsmasq
on the backend to provide this service. Home routers are not
particularly constrained in this regard, since they generally have web
services running to begin with.

> Please send any replies to the DoH mailing list at .

Why?

khm
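
Added example, not part of the thread and not dnsmasq code: the translation step a wrapper in front of dnsmasq would perform, assuming the RFC 8484 framing of DoH (GET with a base64url `dns=` parameter, or POST with an `application/dns-message` body). The function names, the header dict and the 127.0.0.1:53 backend are assumptions; TLS and HTTP/2 are taken to be terminated by a separate front end, which is where the time, entropy and CA list mentioned in the thread are needed.

```python
import base64
import socket
from urllib.parse import parse_qs, urlsplit

DNS_MESSAGE = "application/dns-message"  # media type defined by RFC 8484
DNSMASQ = ("127.0.0.1", 53)              # assumed address of the local dnsmasq


def extract_query(method, target, headers, body=b""):
    """Return the DNS wire-format query carried by one DoH request.

    `headers` is assumed to be a dict with lower-cased names, as handed over
    by whatever front end terminated TLS and HTTP/2.
    """
    if method == "GET":
        values = parse_qs(urlsplit(target).query).get("dns", [])
        if len(values) != 1:
            raise ValueError("GET needs exactly one dns= parameter")
        # RFC 8484 sends base64url without padding; restore it before decoding.
        wire = base64.urlsafe_b64decode(values[0] + "=" * (-len(values[0]) % 4))
    elif method == "POST":
        if headers.get("content-type") != DNS_MESSAGE:
            raise ValueError("unsupported media type")
        wire = body
    else:
        raise ValueError("method not allowed")
    # A DNS header is 12 bytes; reject anything that cannot be a message.
    if not 12 <= len(wire) <= 65535:
        raise ValueError("not a plausible DNS message")
    return wire


def forward(wire, backend=DNSMASQ, timeout=2.0):
    """Send the query to the resolver over UDP and return its raw reply.

    Retrying over TCP when the reply has the TC bit set is left out here.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.connect(backend)  # kernel drops datagrams from any other peer
        sock.send(wire)
        reply = sock.recv(65535)
    if len(reply) < 12 or reply[:2] != wire[:2]:
        raise ValueError("reply does not match the query ID")
    return reply
```

The front end would return the bytes from `forward()` as the response body with the same `application/dns-message` content type.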