Skip to content
This repository has been archived by the owner on Jan 8, 2024. It is now read-only.

Support DNS over HTTPS #53

Closed
lidel opened this issue Jul 3, 2019 · 4 comments · Fixed by #55
Closed

Support DNS over HTTPS #53

lidel opened this issue Jul 3, 2019 · 4 comments · Fixed by #55
Assignees
@achingbrain @SgtPooki
Labels
P2 Medium: Good to have, but can wait until someone steps up status/ready Ready to be worked

Comments

@lidel
Copy link
Member

lidel commented Jul 3, 2019
edited
Loading

  • Version: v0.36.4
  • Platform: Node and Browser
  • Subsystem: DNS

Type: Feature

Severity: Low

Problem

When running in Node, js-ipfs uses system resolver (/etc/resolv.conf)

When run in web browser context, we don't have access to UDP sockets, so since ipfs/js-ipfs#1172 js-ipfs running on webpages delegates DNS queries to https://ipfs.io/api/v0/dns?arg=${domain}.

Solution

  • Make it possible for user to set arbitrary DNS resolvers (plural)
    • jsipfs config DNS.HttpsResolvers ["https://mozilla.cloudflare-dns.com/dns-query"]
    • initial implementation should pick one at random, future ones can be smarter and temporarily blacklist resolvers that are known to be down
  • Default behavior
    • Node: we may still use system resolver in Node, but should always switch to DoH if user provided one in config
    • Browser: To remove dependency on our gateway js-ipfs should use well-known public DNS over HTTPS (DoH) in Browser by default, and stop hitting https://ipfs.io/api/v0/dns which is a single point of failure

RFC8484: Notes on binary format and

@hugomrdias's recent work on IPNS over DNS confirmed we are able to use binary DNS over HTTPS in web browser context, which makes it possible to use any DNS over HTTPS (DoH) server compatible with RFC8484

I repeat: we should not need to use proprietary JSON format supported by Google and Cloudflare, but rely on native DNS query sent as HTTP GET encoded in Base64, as specified in example in RFC8484. This enables users to have better choice of DNS servers with DoH support: any server will do, as long it implements RFC8484.

References
@alanshaw alanshaw added P2 Medium: Good to have, but can wait until someone steps up status/ready Ready to be worked labels Jul 10, 2019
@stskeeps
Copy link

Fwiw, proof of concept of binary DNS query over HTTPS in a browser, https://gist.github.com/stskeeps/d64d01f1ed42402405e294e5806f0970. -- one thing to keep in mind is that for example Google's doesn't give proper CORS headers

@lidel lidel mentioned this issue Jul 16, 2019
Closed
52 tasks
@hugomrdias hugomrdias mentioned this issue Jul 17, 2019
Closed
15 tasks
@lidel lidel mentioned this issue Jul 19, 2019
Closed
9 tasks
@todo todo bot mentioned this issue Sep 10, 2019
Merged
achingbrain referenced this issue in ipfs/js-ipfs Oct 23, 2019
@achingbrain
fix: revert evergreen webui
76e81a9 
Until we can resolve DNS names over HTTPS we can't trust that
someone hasn't hijacked the request, so revert the use of an IPNS
name to get the latest web ui CID.

Refs: https://github.com/ipfs/js-ipfs/issues/2212
@achingbrain achingbrain mentioned this issue Oct 23, 2019
Merged
alanshaw referenced this issue in ipfs/js-ipfs Oct 23, 2019
@achingbrain @alanshaw
fix: revert evergreen webui (#2557)
16806d9 
Until we can resolve DNS names over HTTPS we can't trust that
someone hasn't hijacked the request, so revert the use of an IPNS
name to get the latest web ui CID.

Refs: https://github.com/ipfs/js-ipfs/issues/2212
@DougAnderson444 DougAnderson444 mentioned this issue Jun 11, 2020
Closed
@lidel lidel mentioned this issue Jun 20, 2020
Open
@lidel lidel mentioned this issue Aug 28, 2020
Closed
@lidel lidel mentioned this issue Sep 29, 2020
Open
@SgtPooki SgtPooki self-assigned this May 17, 2023
@SgtPooki

This comment was marked as outdated.

Sign in to view
@achingbrain
Copy link
Member

This is still todo: https://github.com/ipfs/helia-ipns/blob/main/packages/ipns/src/utils/resolve-dns-link.browser.ts#L48

This issue can be moved to https://github.com/ipfs/helia-ipns/

@SgtPooki SgtPooki mentioned this issue May 26, 2023
Closed
@SgtPooki SgtPooki removed their assignment May 26, 2023
@SgtPooki SgtPooki transferred this issue from ipfs/js-ipfs May 26, 2023
achingbrain added a commit that referenced this issue May 31, 2023
@achingbrain
feat: support DNS over HTTPS and DNS-JSON over HTTPS
d20f584 
Adds support for resoving DNSLink TXT entries from public
DNS-Over-HTTPS servers (RFC 1035) and also DNS-JSON-Over-HTTPS
since they are a bit kinder on the resulting browser bundle size.

Fixes #53
@achingbrain achingbrain mentioned this issue May 31, 2023
Merged
@SgtPooki
Copy link
Member

Do we want to use https://github.com/vasco-santos/dns-over-http-resolver here?

@SgtPooki SgtPooki self-assigned this Oct 27, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@achingbrain achingbrain

@SgtPooki SgtPooki

Labels
P2 Medium: Good to have, but can wait until someone steps up status/ready Ready to be worked
Projects
No open projects
Helia Working Group (inactive)
Archived in project
js-ipfs deprecation
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat!: support DNS over HTTPS and DNS-JSON over HTTPS ipfs/helia-ipns
5 participants
@alanshaw @lidel @achingbrain @SgtPooki @stskeeps