Hi folks,

As one of my own observations, there is a trend of using the http(s) port for DNS transactions to provide better DNS service with regard to DNS hijacking, middle-box issues, DNS privacy and IP geolocation considerations. As a typical scenario and requirement, end users will benefit from the capability to always choose a reliable and credible recursive server no matter where they are. In addition, ad providers can alleviate their suffering from DNS hijacking by malware and network devices, which is a common Internet misbehavior nowadays. I have heard constant complaints from local ad providers like Taobao and Baidu.
There is some related work already done in the industry, for example:

1) DNSpod serves a DNS over HTTP service called ‘D+’ to help its clients avoid DNS hijacking, with lower RTT. This service is used by Tencent to identify clients’ ISPs accurately. (https://www.dnspod.cn/httpdns, only in Chinese)
2) DNSSEC trigger uses DNS over HTTP as a back-up for DNSSEC validation failure (https://www.nlnetlabs.nl/projects/dnssec-trigger/)
3) The RESTful DNS API (DNS in JSON) allows performing DNS queries over HTTP in JSON format (http://www.dns-lg.com/). Also, PowerDNS supports DNS queries over HTTP in JSON format via an “experimental-json-interface=yes” config (https://doc.powerdns.com/md/httpapi/README/).
4) DNSoverHTTP uses proxies as a quick deployment tool which encapsulates DNS packets into HTTP connections. These proxies are implemented both in C (https://github.com/BII-Lab/DNSoverHTTP/) and golang (https://github.com/BII-Lab/DNSoverHTTPinGO/).

There may be other variations in different . Because there is no specific standard for DNS over HTTP(s), implementations vary without interoperability with each other. Some implementations cannot fully support all DNS records. As far as I know, there is no document to address that issue. So I’m considering whether it is worth documenting the current practice of DNS over http(s) with suggestions for implementation and operation. If necessary we can also define/assign some parameters for DNS over HTTP(s) in the scope of W3C or IANA.

So an intuitive thought is that we can unify some parameters of the HTTP protocol for the DNS application. Here is a list of parameters which might need to be unified, as my own concern:

1. Resource name: To distinguish DNS over HTTP from a normal HTTP request, there should be a unique resource name for DNS over HTTP (there are cases where Web and DNS services are hosted on the same server). For example, in our proxy implementation we use “proxy-dns” as the resource name to differentiate it from other webpage resources.
2. Content type: To avoid a DNS over HTTP request being mistakenly processed by a server that does not support it, DNS over HTTP may use a unique sub content type under the application content type.
3. Return code (I’m not very sure whether this parameter is necessary): To indicate errors to the client, DNS over HTTP may have a set of return codes (error codes).
4. Post/Get: The server’s behavior for the Post and Get methods should be specified. An easy approach is that the server might return the description of DNS over HTTP when the client uses the Get method, while providing the DNS over HTTP service when the client uses the Post method.
5. Other parameters: There might be some parameters that need to be added in the DNS over HTTP header, such as Host IP, UDP/TCP (http-proxy usage), Json/Octet-stream etc.

Any suggestion please comment.

Best regards,
Davey

------------------------------
Davey Song(宋林健)
BII Lab
songlinj...@gmail.com
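As an added illustration of parameters 1, 2 and 4 in the list above (example code written for this page, not code from the BII proxies or any project named in the message), here is a minimal server-side dispatcher: it keys on the resource name, rejects an unexpected content type, answers GET with a description and POST with a wire-format DNS response. The path "/proxy-dns", the media type (application/dns-message, the name RFC 8484 later standardized) and the static answer table are assumptions; a real proxy would forward the query to a recursive server instead of consulting the table.

```python
import struct

DNS_PATH = "/proxy-dns"               # resource name (parameter 1); exact form is an assumption
DNS_TYPE = "application/dns-message"  # sub content type (parameter 2); assumed, per RFC 8484
# Constructed answer table standing in for a real recursive resolver (offline demo only).
ANSWERS = {"example.com.": "93.184.216.34"}

def encode_name(name):
    """example.com. -> b'\\x07example\\x03com\\x00' (DNS label wire encoding)."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, qid=0x1234, qtype=1):
    """Wire-format DNS query: 12-byte header with RD set plus one IN-class question."""
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_query(msg):
    """Return (id, qname, qtype) from a single-question query; raise on malformed input."""
    qid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1 or flags & 0x8000:          # QR bit set means this is not a query
        raise ValueError("expected exactly one question in a query")
    labels, pos = [], 12
    while msg[pos]:                              # IndexError on truncated input is caught by caller
        n = msg[pos]; labels.append(msg[pos + 1:pos + 1 + n].decode()); pos += 1 + n
    qtype = struct.unpack("!H", msg[pos + 1:pos + 3])[0]
    return qid, ".".join(labels) + ".", qtype

def build_response(qid, qname, qtype, ip, known):
    """Echo the question; add one A RR (TTL 60) if ip is given; RCODE NXDOMAIN if name unknown."""
    q = encode_name(qname) + struct.pack("!HH", qtype, 1)
    hdr = struct.pack("!HHHHHH", qid, 0x8180 if known else 0x8183, 1, 1 if ip else 0, 0, 0)
    # 0xc00c is a compression pointer back to the question name at offset 12
    rr = b"" if ip is None else b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(int(o) for o in ip.split("."))
    return hdr + q + rr

def handle_request(method, path, content_type, body):
    """Server-side dispatch (parameter 4): GET -> description, POST -> DNS service.
    Returns (http_status, content_type, body)."""
    if path != DNS_PATH:
        return 404, "text/plain", b"not a DNS over HTTP resource"
    if method == "GET":
        return 200, "text/plain", b"DNS over HTTP proxy: POST wire-format DNS queries here"
    if method != "POST" or content_type != DNS_TYPE:
        return 415, "text/plain", b"expected POST with " + DNS_TYPE.encode()
    try:
        qid, qname, qtype = parse_query(body)
    except (ValueError, IndexError, struct.error):
        return 400, "text/plain", b"malformed DNS message"
    known = qname in ANSWERS
    ip = ANSWERS[qname] if known and qtype == 1 else None
    return 200, DNS_TYPE, build_response(qid, qname, qtype, ip, known)
```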
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop