blokadaorg / blokada

The official repo for Blokada apps.
https://blokada.org

Quad9 DoH #836

Open kazzarin opened 3 years ago

kazzarin commented 3 years ago

App version: 5.8.0

When using the "Networks" feature to choose a DNS server, it appears Quad9 is only available through unsecured DNS:

https://github.com/blokadaorg/blokada/blob/8692f22c47e56836e300bccb3e231edcbf3d1a0c/android5/app/src/main/java/repository/DnsDataSource.kt#L140-L144

Even though the service does support DoH: https://www.quad9.net/service/service-addresses-and-features#doh

mchangrh commented 3 years ago

Since this is not a PR for fixing a bug or security issue, here are the relevant changes to the code:

    // Quad9 over DoH: same resolver addresses, served on port 443 at dns.quad9.net/dns-query
    Dns(
        id = "quad9",
        ips = listOf("9.9.9.9", "149.112.112.112"),
        port = 443,
        name = "dns.quad9.net",
        path = "dns-query",
        label = "Quad9"
    )

kar commented 3 years ago

Sadly it won't work. We currently can't add some of the DoH servers out there, because as it turns out, there are two versions of the DoH protocol (yay standards). We're currently only supporting the json based one, and there is also a binary one. So once the latter is implemented, we can add this and other DNS servers.

kazzarin commented 3 years ago

Thanks for the explanation, hopefully there will be support for more DoH servers in the future.

peterroth commented 3 years ago

A very easy method to check whether a DNS server uses the JSON or the binary format: run the command below and check what is returned. If an answer with the IP address in the body is returned, the server supports JSON. If nothing or an error message is returned, the DNS server uses the binary method.

curl '<DoH address>?name=blokada.org&type=a&do=1&ct=application/dns-json'

For example:

curl 'https://dns.blokada.org/dns-query?name=blokada.org&type=a&do=1&ct=application/dns-json'

ignoramous commented 3 years ago

> Sadly it won't work. We currently can't add some of the DoH servers out there, because as it turns out, there are two versions of the DoH protocol (yay standards). We're currently only supporting the json based one, and there is also a binary one. So once the latter is implemented, we can add this and other DNS servers.

Hi Kar,

You might be mistaken. There aren't two standards: the MIME type Blokada supports today, application/dns-json, isn't in the standard at all: https://tools.ietf.org/html/rfc8484
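To make the two request forms in peterroth's check and ignoramous's RFC 8484 remark concrete, here is an added example (not Blokada code and not from any commenter): it builds the non-standard JSON GET that the curl command above sends, builds the RFC 8484 wire-format GET for the same name, and applies peterroth's rule to an HTTP response. It assumes the dns.blokada.org endpoint quoted in the thread; the sample response bodies are constructed, not captured from a real server.

```python
import base64
import json
import struct
from urllib.parse import urlencode

DOH_URL = "https://dns.blokada.org/dns-query"  # endpoint quoted in the thread


def build_wire_query(name: str, qtype: int = 1) -> bytes:
    """Minimal RFC 1035 DNS query message: header, QNAME, QTYPE, QCLASS=IN."""
    # ID 0, as RFC 8484 recommends for GET, so identical queries cache identically.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # flags RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def rfc8484_get_url(url: str, name: str) -> str:
    """RFC 8484 GET: base64url wire message with '=' padding removed, in ?dns=."""
    b64 = base64.urlsafe_b64encode(build_wire_query(name)).rstrip(b"=").decode("ascii")
    return f"{url}?dns={b64}"


def json_get_url(url: str, name: str) -> str:
    """The non-standard JSON form that peterroth's curl command requests."""
    params = {"name": name, "type": "a", "do": "1", "ct": "application/dns-json"}
    return f"{url}?{urlencode(params, safe='/')}"


def classify_response(status: int, content_type: str, body: bytes) -> str:
    """peterroth's rule: a JSON answer carrying an A record means JSON is supported;
    an error, an empty body or a non-JSON body means the server is not JSON-capable."""
    if status == 200 and "dns-json" in content_type.lower():
        try:
            doc = json.loads(body)
        except ValueError:
            return "not-json"
        answers = doc.get("Answer") or []
        if any(rr.get("type") == 1 and rr.get("data") for rr in answers):
            return "json"
    return "not-json"


# Constructed sample responses (192.0.2.10 is a documentation-range address).
JSON_OK = b'{"Status":0,"Answer":[{"name":"blokada.org","type":1,"TTL":300,"data":"192.0.2.10"}]}'
WIRE_ONLY = b"Unsupported Media Type"  # constructed error body from a wire-format-only server

if __name__ == "__main__":
    print(json_get_url(DOH_URL, "blokada.org"))
    print(rfc8484_get_url(DOH_URL, "blokada.org"))
    print(classify_response(200, "application/dns-json", JSON_OK))  # json
    print(classify_response(415, "text/plain", WIRE_ONLY))  # not-json
```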

tina-hello commented 3 years ago

@ignoramous Blokada's DoH seems to support both GET and POST for binary requests as of today; I tested with dnslookup, bulldohzer, and dohjs. Also, please check my recent repos' issues, because I can't reply on the archived project.

ghost commented 3 years ago

Is there any progress on adding Quad9 DoH (and others too, like AdGuard DoH)?

PeterDaveHello commented 2 years ago

@Kruger984 I've sent some pull requests like #917, #918 to enable more encrypted DNS servers. Let's see if it'll be accepted.