
Show HN: A DNS over HTTPS proxy in 80 lines of Golang - satran
https://github.com/satran/dohproxy
======
js2
I've been running doh-client from https://github.com/m13253/dns-over-https on my EdgeMax router,
listening on localhost with dnsmasq listening on its LAN interface and
configured to use doh-client. I have doh-client pointed at Google's name
service. It's worked quite well since I set it up a few months back.

Cloudflare's lack of EDNS0 Client Subnet makes it a non-starter for me. In my
past experience that totally breaks AppleTV streaming from Akamai.

------
tssva
This will only work with DoH servers which support the UDP-wire format.
Cloudflare supports the UDP-wire format. Google does not.

~~~
satran
The RFC doesn't state any other format. I believe Google's servers are not
compliant yet.

~~~
zaarn
IIRC Google's implementation is more of a "DNS as JSON over HTTPS" while the
RFC standardizes "DNS wire format over HTTPS".

I believe Google implemented theirs first, but I also think using the RFC format
is easier (as evidenced by the OP tunnel).

~~~
tssva
There is no RFC. There is an internet draft making its way through the DNS
over HTTPS working group.

The current draft requires support of the application/dns-message media type,
which is basically a standard DNS request, base64 encoded. The draft also
allows for other media types but does not define them.

Although the Google implementation isn't compliant with the draft since it
significantly pre-dates efforts to standardize dns over https, a draft
compliant server can accept and return JSON formatted queries.

I will agree that the dns-message format is easier in the case of a
traditional dns resolver but it is not easier in all cases. JSON is easier for
a web app to produce and consume which is the use case the Google dns over
https project was originally designed to address.
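For readers who want to see what the application/dns-message format discussed in this thread looks like in Go, here is an added example; it is not code from satran's dohproxy, from doh-client, or from any commenter. It encodes a wire-format A query, places it in the GET `dns` parameter of a DoH request, and parses a wire-format answer with the checks a proxy should make before returning it to a stub resolver. Assumptions: the GET form carries the query as unpadded URL-safe base64 (as the draft specifies for the `dns` parameter), the endpoint `https://doh.example/dns-query` is a placeholder and nothing is sent, and the response bytes are constructed inline.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"net"
	"net/http"
	"strings"
)

// buildQuery encodes a one-question DNS query (type A, class IN) in wire format.
func buildQuery(id uint16, name string) ([]byte, error) {
	msg := []byte{byte(id >> 8), byte(id), 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0} // ID, flags RD, QDCOUNT 1
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		if len(label) == 0 || len(label) > 63 {
			return nil, fmt.Errorf("bad label %q in %q", label, name)
		}
		msg = append(append(msg, byte(len(label))), label...)
	}
	return append(msg, 0, 0, 1, 0, 1), nil // root label, QTYPE A, QCLASS IN
}

// dohGetRequest puts the raw query in the "dns" parameter as unpadded base64url (assumed per the draft).
func dohGetRequest(endpoint string, query []byte) (*http.Request, error) {
	req, err := http.NewRequest("GET", endpoint+"?dns="+base64.RawURLEncoding.EncodeToString(query), nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Accept", "application/dns-message")
	return req, nil
}

// skipName advances past the domain name at off, with bounds checks on every step.
func skipName(msg []byte, off int) (int, error) {
	for off < len(msg) && msg[off] != 0 {
		if msg[off]&0xC0 == 0xC0 { // two-byte compression pointer ends the name
			return off + 2, nil
		}
		off += 1 + int(msg[off])
	}
	if off >= len(msg) {
		return 0, fmt.Errorf("truncated name at offset %d", off)
	}
	return off + 1, nil
}

// parseARecords checks id and rcode of a wire-format response, then collects its answer-section A records.
func parseARecords(resp []byte, wantID uint16) ([]string, error) {
	if len(resp) < 12 || binary.BigEndian.Uint16(resp[0:]) != wantID {
		return nil, fmt.Errorf("short message or transaction id mismatch")
	}
	if rcode := resp[3] & 0x0F; rcode != 0 {
		return nil, fmt.Errorf("server returned rcode %d", rcode)
	}
	qd, an := int(binary.BigEndian.Uint16(resp[4:])), int(binary.BigEndian.Uint16(resp[6:]))
	off, err := 12, error(nil)
	for i := 0; i < qd; i++ { // skip each question: name, then QTYPE and QCLASS
		if off, err = skipName(resp, off); err != nil {
			return nil, err
		}
		off += 4
	}
	var addrs []string
	for i := 0; i < an; i++ {
		if off, err = skipName(resp, off); err != nil {
			return nil, err
		}
		if off+10 > len(resp) { // fixed part: TYPE, CLASS, TTL, RDLENGTH
			return nil, fmt.Errorf("truncated resource record")
		}
		rtype, rdlen := binary.BigEndian.Uint16(resp[off:]), int(binary.BigEndian.Uint16(resp[off+8:]))
		off += 10
		if off+rdlen > len(resp) {
			return nil, fmt.Errorf("truncated rdata")
		}
		if rtype == 1 && rdlen == 4 {
			addrs = append(addrs, net.IP(resp[off:off+4]).String())
		}
		off += rdlen
	}
	return addrs, nil
}

// sampleResponse is a constructed answer to buildQuery(0x1234, "example.com") with one A record, 192.0.2.1.
func sampleResponse() []byte {
	r, _ := buildQuery(0x1234, "example.com")
	binary.BigEndian.PutUint16(r[2:], 0x8180) // QR, RD, RA set; rcode 0
	binary.BigEndian.PutUint16(r[6:], 1)      // ANCOUNT = 1
	// NAME = pointer to offset 12, TYPE A, CLASS IN, TTL 3600, RDLENGTH 4, RDATA
	return append(r, 0xC0, 0x0C, 0, 1, 0, 1, 0, 0, 0x0E, 0x10, 0, 4, 192, 0, 2, 1)
}

func main() {
	q, _ := buildQuery(0x1234, "example.com")
	req, _ := dohGetRequest("https://doh.example/dns-query", q) // placeholder endpoint, nothing is sent
	fmt.Println(req.URL.String())
	fmt.Println(parseARecords(sampleResponse(), 0x1234))
}
```

The POST form of the same request sends the query bytes unencoded as the body with `Content-Type: application/dns-message`, which is what a proxy in front of dnsmasq would normally use. Either way, the bytes that come back are still untrusted DNS: the transaction id must match the query it is relayed against, and every length field must be bounds-checked before the message is handed back on the UDP side, which is why the parser here refuses anything truncated rather than reading past the buffer.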

