[Dnsmasq-discuss] Implementation of DOH in dnsmasq

Geert Stappers stappers at stappers.nl
Wed Jun 20 09:57:56 BST 2018


On Wed, Jun 20, 2018 at 10:11:53AM +0200, Nicolas Cavallari wrote:
> On 14/06/2018 22:32, Kurt H Maier wrote:
> > On Thu, Jun 14, 2018 at 09:38:42PM +0200, Mateusz Jo??czyk wrote:
> >>
> >> How difficult would it be to add support to DNS over HTTP/2.0 in dnsmasq, for
> >> example in constrained environments like home routers?
> >>
> > 
> > This should be handled with a wrapper program.  HTTP/2.0 is an enormous
> > and ill-defined specification and it would not be appropriate to bolt it
> > directly into dnsmasq.  A dedicated HTTP/2.0 daemon can talk to dnsmasq
> > on the backend to provide this service.  Home routers are not
> > particularly constrained in this regard, since they generally have web 
> > services running to begin with.
> 
> It's much more than that. To be secure, TLS requires time, entropy and a CA
> list. Many home routers fails at having all three, or require the DNS to get
> time and CAs...
> 
> >> Please send any replies to the DoH mailing list at <doh at ietf.org>.
> > 
> > Why?
> 
> Because by doing so you will be subjected to the various IETF policies that
> applies to anyone participating on the IETF mailing list, which includes
> copyright grants, patents disclosure and other things that should be read by a
> lawyer.
> 

No new text, just doing the
} Please send any replies to the DoH mailing list at <doh at ietf.org>.


Groeten
Geert Stappers
Subscriber of mailinglist dnsmasq-discuss at lists.thekelleys.org.uk
-- 
Leven en laten leven



More information about the Dnsmasq-discuss mailing list