IngoZenz / personaldnsfilter

See http://www.zenz-solutions.de/personaldnsfilter for details
GNU General Public License v2.0

Add support for ODoH #127

Open k0nk opened 3 years ago

k0nk commented 3 years ago

Hi! Do you intend to add support for ODoH, or is it already compatible?

https://blog.cloudflare.com/oblivious-dns/

ghost commented 3 years ago

Maybe it'll be implemented. Let's see if and how.

e-t-l commented 1 year ago

Any update on this?

IngoZenz commented 1 year ago

There are no plans currently.

IngoZenz commented 1 year ago

Just checked again - seems ODoH is nothing more than DoH over a proxy. If that is the case, the feature is already available as you can configure the usage of an HTTPS Proxy within the dnsfilter.conf file.

# HTTP Proxy for tunneling DNS TCP connections via Proxy
# Note: httpProxyIP is mandatory, httpProxyHost is optional
# In case proxy requires authentication, the auth string for basic auth can optionally be provided
resolveOverHttpProxy = false
httpProxyHost = my.proxy
httpProxyIP = 10.0.2.2
httpProxyPort = 8080
httpProxyBasicAuthStr =

k0nk commented 1 year ago

Seems to be working here with this server:

104.16.248.249::443::DOH::https://odoh.cloudflare-dns.com/dns-query

And this in .conf:

resolveOverHttpProxy = true
httpProxyHost = odoh1.surfdomeinen.nl
httpProxyIP = 145.0.6.53
httpProxyPort = 443
httpProxyBasicAuthStr = 

Can anyone confirm?

@IngoZenz can we force English language in Android app?

IngoZenz commented 1 year ago

It works. Regarding forcing English, I am not aware how to change that without changing the system language.

k0nk commented 1 year ago

Regarding forcing English, I am not aware how to change that without changing system language

Some apps have an option to force English or a drop-down menu to choose the language. Is implementing something like that simple, or does it need a lot of work? Sorry for being off topic here.

e-t-l commented 1 year ago

Just checked again - seems ODoH is nothing more than DoH over a proxy

I'm hoping this is correct, but from reading the DNScrypt documentation I got the impression that ODOH required a specific encryption or header format that was only accepted by ODOH servers (and they would only respond to requests that were formatted correctly). The wiki talks about adding ODOH protocol flags to one's DNScrypt .conf file. The implication is that without those flags, ODOH wouldn't work correctly, which makes me doubtful of @k0nk's results.

If it were as straightforward as "any proxy and any resolver," why would they specify so many limitations in the documentation? Also, using the above setup, wouldn't the IP and DNS request be visible to the proxy server, which is exactly what ODOH is supposed to avoid?

k0nk commented 1 year ago

@e-t-l what you said makes sense. I can't sniff anything right now to verify if it is really working, but with the details you bring to the table now, probably it is not working, even though it is still resolving the domain names.

Universalizer commented 1 year ago

https://github.com/DNSCrypt/doh-server#oblivious-doh-odoh

Oblivious DoH is similar to Anonymized DNSCrypt, but for DoH. It requires relays, but also upstream DoH servers that support the protocol. This proxy supports ODoH termination (not relaying) out of the box. However, ephemeral keys are currently only stored in memory. In a load-balanced configuration, sticky sessions must be used. Currently available ODoH relays only use POST queries. So, POST queries have been disabled for regular DoH queries, accepting them is required to be compatible with ODoH relays. This can be achieved with the --allow-odoh-post command-line switch.

https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Oblivious-DoH

https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/odoh-relays.md#oblivious-doh-relays-list
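The "specific encryption or header format" e-t-l asks about is the target's published HPKE configuration: an ODoH client has to fetch and parse it, then encrypt every DNS query to that key before a relay ever sees the message, which a plain HTTPS-proxy setting never does. As an added example, not code from personalDNSfilter or any project linked above, here is a parser for that ObliviousDoHConfigs structure (RFC 9230, Section 4.1) run over a constructed blob; the well-known path and algorithm names come from RFC 9230 and RFC 9180, and the key bytes are dummy material.

```python
"""Parse an ODoH target's ObliviousDoHConfigs blob (RFC 9230, Section 4.1).

Added example, not personalDNSfilter code. Targets normally publish this
structure at /.well-known/odohconfigs; the sample blob below is constructed.
"""
import struct

# HPKE algorithm identifiers (RFC 9180) commonly used by ODoH targets.
KEM_NAMES = {0x0020: "DHKEM(X25519, HKDF-SHA256)"}
KDF_NAMES = {0x0001: "HKDF-SHA256"}
AEAD_NAMES = {0x0001: "AES-128-GCM", 0x0003: "ChaCha20Poly1305"}
ODOH_VERSION = 0x0001


def parse_odoh_configs(blob: bytes) -> list:
    """Return the version-0x0001 configs in blob; unknown versions are skipped."""
    (total,) = struct.unpack_from("!H", blob, 0)
    if total != len(blob) - 2:
        raise ValueError("ObliviousDoHConfigs length does not match payload")
    off, configs = 2, []
    while off < len(blob):
        version, length = struct.unpack_from("!HH", blob, off)
        body = blob[off + 4 : off + 4 + length]
        if len(body) != length:
            raise ValueError("truncated ObliviousDoHConfig")
        off += 4 + length
        if version != ODOH_VERSION:
            continue  # clients ignore config versions they do not understand
        kem_id, kdf_id, aead_id, pk_len = struct.unpack_from("!HHHH", body, 0)
        public_key = body[8 : 8 + pk_len]
        if pk_len == 0 or len(public_key) != pk_len:
            raise ValueError("bad public_key length")
        configs.append({
            "kem": KEM_NAMES.get(kem_id, f"unknown(0x{kem_id:04x})"),
            "kdf": KDF_NAMES.get(kdf_id, f"unknown(0x{kdf_id:04x})"),
            "aead": AEAD_NAMES.get(aead_id, f"unknown(0x{aead_id:04x})"),
            "public_key": public_key,
        })
    return configs


def _config(version: int, body: bytes) -> bytes:
    return struct.pack("!HH", version, len(body)) + body


# Constructed blob: one future-version entry a client must skip, then a valid
# entry carrying a 32-byte X25519 public key (dummy key material, not a real key).
_v1_body = struct.pack("!HHHH", 0x0020, 0x0001, 0x0001, 32) + bytes(range(32))
_entries = _config(0xFFFF, b"\x00\x00") + _config(ODOH_VERSION, _v1_body)
SAMPLE_CONFIGS = struct.pack("!H", len(_entries)) + _entries
```

A client that cannot obtain a usable entry from this structure has no key to encrypt to, which is why a target reachable only via ODoH cannot be driven by the proxy settings quoted earlier in the thread.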