Re: DNS-over-HTTP Issue

Mon, 04 Aug 2025 10:13:57 -0700 

Your DNS client needs to use HTTP/2-without-TLS, not plain HTTP/1.
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.

> On 4. 8. 2025, at 18:53, Metin Akin <ad...@metinakin.net> wrote:
> 
> 
> Hi all,
> 
> I'm trying to configure internetsystemsconsortium/bind9:9.21 docker image to 
> act like a recursive DNS-over-HTTP server as a backend to another frontend 
> application that handles all of the HTTPS work from the client, but I 
> couldn't make the server work properly with even making direct requests.
> I activated the port 553 to test it as a regular DNS handler and it works, 
> but DNS-over-HTTP feature does not work over 8080 port. I'm sending a GET 
> request in RFC8484 format like this:
> 
> curl -H "Content-Type: application/dns-message" 
> 'http://<MY_SERVER_IP>:8080/dns-query?dns=qqoBAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE'
> this returns "curl: (1) Received HTTP/0.9 when not allowed"
> 
> When I try this one:
> curl -H "Content-Type: application/dns-message" 
> 'http://<MY_SERVER_IP>:8080/dns-query?dns=qqoBAAABAAAAAAAAB2V4YW1wbGUDY29tAAABAAE'
>  --http0.9 --output -
> this returns d%
> 
> I have this named.conf file:
> 
> acl allowed_clients {
>   <MY_IP>/32;
> };
> 
> http doh {
>   endpoints { "/dns-query"; };
> };
> 
> options {
>   directory "/var/cache/bind";
> 
>   interface-interval 0;
> 
>   listen-on port 553 { any; };
> 
>   listen-on port 8080 tls none http doh { any; };
> 
>   allow-query { allowed_clients; };
>   allow-transfer { none; };
>   allow-notify { none; };
>   allow-update { none; };
>   allow-recursion { allowed_clients; };
> 
>   recursion yes;
> 
>   auth-nxdomain no;
> 
>   dnssec-validation no;
> };
> 
> logging{
>   channel simple_log {
>     stderr;
>     severity info;
>     print-time yes;
>     print-severity yes;
>     print-category yes;
>   };
>   category default{
>     simple_log;
>   };
> };
> 
> 
> Looking forward to your reply and thank you very much for your help in 
> advance!
> Metin
> 
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
> this list
> 
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to