Re: Unable to Query DoH with `tls none` and Plain HTTP

2024-01-02 Thread Ondřej Surý
> On 2. 1. 2024, at 10:38, Jakob Bohm via bind-users wrote:
> Funny, given that HTTP/2 (the spec) had a CVE against it last October,
> while HTTP/0.9 and HTTP/1.x did not.
I’ve said that a single modern HTTP/2 implementation (backed by maintained library) is much better than having two d

Re: Unable to Query DoH with `tls none` and Plain HTTP

2024-01-02 Thread tale via bind-users
On Tue, Jan 2, 2024 at 4:38 AM Jakob Bohm via bind-users wrote:
> Having the DoH server as a standalone process talking to DNS/TCP would
> be a solid implementation given the constant flow of changes made to
> HTTP(S) by the Big 5.
Perhaps, but for reference here is the relevant section of the Do

Re: Unable to Query DoH with `tls none` and Plain HTTP

2024-01-02 Thread Jakob Bohm via bind-users
On 2024-01-01 16:38, Ondřej Surý wrote:
> On 1. 1. 2024, at 15:19, r1wcp...@bbqporkmccity.com wrote:
>> Thank you very much, I was unaware of the HTTP/2 requirement and was assuming it is a bug. Is there any reason for omitting the HTTP/1.1 upgrade part of the protocol?
> It would be additional com

Re: Unable to Query DoH with `tls none` and Plain HTTP

2024-01-01 Thread Ondřej Surý
> On 1. 1. 2024, at 15:19, r1wcp...@bbqporkmccity.com wrote:
> Thank you very much, I was unaware of the HTTP/2 requirement and was assuming
> it is a bug. Is there any reason for omitting the HTTP/1.1 upgrade part of
> the protocol?
It would be additional complexity that's really not needed

Re: Unable to Query DoH with `tls none` and Plain HTTP

2024-01-01 Thread r1wcp42w--- via bind-users
Hello,
Thank you very much, I was unaware of the HTTP/2 requirement and was assuming it is a bug. Is there any reason for omitting the HTTP/1.1 upgrade part of the protocol?
On 2024/01/01 22:30, Ondřej Surý wrote:
> Hi,
> BIND 9 DoH implementation always uses HTTP/2, so you can't talk to it vi

Re: Unable to Query DoH with `tls none` and Plain HTTP

2024-01-01 Thread Ondřej Surý
Hi,
BIND 9 DoH implementation always uses HTTP/2, so you can't talk to it via HTTP/0.9, so your proxy balancer needs to talk HTTP/2.
curl --http2-prior-knowledge -v -H 'accept: application/dns-message' 'http://172.23.0.2:80/dns-query?dns=AAABAAABA3d3dwdleGFtcGxlA2NvbQAAAQAB'
should work

Unable to Query DoH with `tls none` and Plain HTTP

2024-01-01 Thread r1wcp42w--- via bind-users
Hello,
Hope you are having a great day. I am trying to set up a BIND9 DNS over HTTP (DoH but in plain HTTP) server with the ubuntu/bind9:latest docker image behind an HTTPS load balancer, however I am unable to perform any DNS query with the newly installed BIND9 server (not through the load bala