Gedsh / InviZible

Android application for online privacy and security
https://invizible.net
GNU General Public License v3.0

Add ODOH support #142

Closed awebeer256 closed 6 months ago

awebeer256 commented 2 years ago

I added the lists of ODOH servers and relays from dnscrypt-resolvers, but when I went to pick servers, they didn't show up. ODOH support was added to dnscrypt-proxy in version 2.1.0, and InviZible uses version 2.1.1, so I expect I could use it by editing dnscrypt-proxy.toml manually, but of course that's a horrendous UX! 😋

Please add ODOH support to the GUI.

I'm using the latest F-Droid beta version of InviZible (1.6.3).

Gedsh commented 2 years ago

> I added the lists of ODOH servers and relays from dnscrypt-resolvers, but when I went to pick servers, they didn't show up.

InviZible will not read this file as it needs to be added to the source code.

> I expect I could use it by editing dnscrypt-proxy.toml manually

You can do this because InviZible uses the original DNSCrypt. But you should complete all configuration steps without using the user interface.

> Please add ODOH support to the GUI.

I am planning to add this feature. But currently only 12 ODOH servers are available. So it's not much of a choice.

e-t-l commented 1 year ago

> I could use it by editing dnscrypt-proxy.toml manually

@awebeer256 Did you end up doing this? If so, what edits were required to get ODOH working?
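Added example, not written by any participant in this thread and not InviZible's own configuration: a sketch of the manual `dnscrypt-proxy.toml` edits the comments above refer to, for dnscrypt-proxy 2.1.0 or later. The list URLs are assumed, and the relay name and `minisign_key` values are placeholders to be replaced with real ones.

```toml
# --- Top-level keys: these already exist in the stock file, edit them in place ---
# Pin the resolver to an ODoH target (name taken from the logs in this thread).
server_names = ['odoh-crypto-sx']
# Allow ODoH resolvers to be selected at all.
odoh_servers = true

# --- Resolver lists: add next to the existing [sources.*] entries ---
[sources.odoh-servers]
  # Assumed location of the dnscrypt-resolvers ODoH target list.
  urls = ['https://download.dnscrypt.info/resolvers-list/v3/odoh-servers.md']
  cache_file = 'odoh-servers.md'
  # Placeholder: reuse the key from your existing public-resolvers source.
  # The list is rejected if its signature does not verify against this key.
  minisign_key = 'PLACEHOLDER_MINISIGN_KEY'
  refresh_delay = 24
  prefix = ''

[sources.odoh-relays]
  # Assumed location of the dnscrypt-resolvers ODoH relay list.
  urls = ['https://download.dnscrypt.info/resolvers-list/v3/odoh-relays.md']
  cache_file = 'odoh-relays.md'
  minisign_key = 'PLACEHOLDER_MINISIGN_KEY'
  refresh_delay = 24
  prefix = ''

# --- Routing: if the file already has an [anonymized_dns] section, edit it ---
[anonymized_dns]
  # Every ODoH target needs a relay. 'odohrelay-PLACEHOLDER' is a placeholder:
  # pick a relay name from odoh-relays.md, run by a different operator than the
  # target, because a relay and target under one operator see both the client
  # address and the query.
  routes = [
    { server_name = 'odoh-crypto-sx', via = ['odohrelay-PLACEHOLDER'] }
  ]
  # Do not fall back to a direct, non-relayed connection for servers that
  # cannot be reached through a relay.
  skip_incompatible = true
```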

Universalizer commented 1 year ago

According to this 'Oblivious DoH (ODoH)'

https://github.com/DNSCrypt/doh-server#oblivious-doh-odoh

> Oblivious DoH is similar to Anonymized DNSCrypt, but for DoH. It requires relays, but also upstream DoH servers that support the protocol. This proxy supports ODoH termination (not relaying) out of the box. However, ephemeral keys are currently only stored in memory. In a load-balanced configuration, sticky sessions must be used. Currently available ODoH relays only use POST queries. So, POST queries have been disabled for regular DoH queries, accepting them is required to be compatible with ODoH relays. This can be achieved with the --allow-odoh-post command-line switch.

Gedsh commented 6 months ago

Fixed via 2f3a150884067932c29636c290f8f082407a0278

Universalizer commented 6 months ago

Just to inform that I'm getting logs such as the following:

[2024-04-23 HHMMSS] [WARNING] Failed to receive successful response from [odoh-koki-ams]
[2024-04-23 HHMMSS] [WARNING] Failed to receive successful response from [odoh-crypto-sx]
[2024-04-23 HHMMSS] [WARNING] Failed to receive successful response from [odoh-crypto-sx]
[2024-04-23 HHMMSS] [WARNING] Failed to receive successful response from [odoh-koki-se]
[2024-04-23 HHMMSS] [WARNING] Failed to receive successful response from [odoh-koki-ams]
[2024-04-23 HHMMSS] [WARNING] Failed to receive successful response from [odoh-tiarap.org]
[2024-04-23 HHMMSS] [WARNING] Failed to receive successful response from [odoh-koki-noads-se]
[2024-04-23 HHMMSS] [WARNING] Failed to receive successful response from [odoh-koki-noads-se]