[Dnsmasq-discuss] Implementation of DOH in dnsmasq

Nicolas Cavallari Nicolas.Cavallari at green-communications.fr
Wed Jun 20 09:11:53 BST 2018


On 14/06/2018 22:32, Kurt H Maier wrote:
> On Thu, Jun 14, 2018 at 09:38:42PM +0200, Mateusz Jończyk wrote:
>>
>> How difficult would it be to add support to DNS over HTTP/2.0 in dnsmasq, for
>> example in constrained environments like home routers?
>>
> 
> This should be handled with a wrapper program.  HTTP/2.0 is an enormous
> and ill-defined specification and it would not be appropriate to bolt it
> directly into dnsmasq.  A dedicated HTTP/2.0 daemon can talk to dnsmasq
> on the backend to provide this service.  Home routers are not
> particularly constrained in this regard, since they generally have web 
> services running to begin with.

It's much more than that. To be secure, TLS requires time, entropy and a CA
list. Many home routers fail at having all three, or require the DNS to get
time and CAs...

>> Please send any replies to the DoH mailing list at <doh at ietf.org>.
> 
> Why?

Because by doing so you will be subjected to the various IETF policies that
apply to anyone participating on the IETF mailing list, which includes
copyright grants, patent disclosure and other things that should be read by a
lawyer.


