Closed FenghenHome closed 5 years ago
I am using a DoH server for my friends. The configuration is as follows, but it does not support HTTP/2:
https://.:443
My upstream uses DoT:
forward . tls://xxx
Trying to connect with http2 directly to coredns fails.
curl --http2 --http2-prior-knowledge https://example.com
http2 error: Remote peer returned unexpected data while we expected SETTINGS frame. Perhaps, peer does not support HTTP/2 properly.
I expected this to work since DoH requires http2
[ Quoting notifications@github.com in "Re: [coredns/coredns] dns over http..." ]
> Trying to connect with http2 directly to coredns fails.
> curl --http2 --http2-prior-knowledge https://example.com
> http2 error: Remote peer returned unexpected data while we expected SETTINGS frame. Perhaps, peer does not support HTTP/2 properly.
https://framagit.org/bortzmeyer/homer works fine for me
Yeah ok so RFC 8484 says http/2 is recommended but it doesn’t say required. Although the client I use assumes it’s supported and it can talk to other major doh services.
I suppose this is why this issue was created earlier.
Currently, to have http/2 (and tls 1.3) in coredns, is it required to have a proxy in front?
On Tue, Oct 6, 2020 at 13:09, Miek Gieben notifications@github.com wrote:
> [ Quoting notifications@github.com in "Re: [coredns/coredns] dns over http..." ]
> > Trying to connect with http2 directly to coredns fails.
> > curl --http2 --http2-prior-knowledge https://example.com
> > http2 error: Remote peer returned unexpected data while we expected SETTINGS frame. Perhaps, peer does not support HTTP/2 properly.
> https://framagit.org/bortzmeyer/homer works fine for me
I have the following configuration, and finally found that it does not support http2, nor does it support tls1.3. How do I need to configure it to support it? Please help me!
I'm using coredns version CoreDNS-1.3.1
https://.:443 {
    hosts xxx.hosts {
        fallthrough
    }
    forward . tls://xxx {
        tls_servername xxx
        force_tcp
        max_fails 3
        expire 10s
        health_check 5s
        policy sequential
        except company.com
    }
    tls xxx.cer xxx.key
    loadbalance round_robin
    reload 6s
    log
    errors
    rewrite edns0 subnet set 24 56
}
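
Whether an HTTPS listener offers HTTP/2 and TLS 1.3 is decided in the TLS handshake (ALPN and version negotiation), so it can be checked without sending any DNS query. The following Go probe is an added example, not code from this issue or from the CoreDNS project; `Probe`, `ProbeLab` and the loopback `httptest` target are assumptions made for the demonstration, and the lab target is a stand-in server, not CoreDNS.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// Probe completes a TLS handshake with addr (host:port), offering h2 and
// http/1.1 through ALPN. It returns the protocol the server selected and
// whether TLS 1.3 was negotiated. roots == nil means the system trust store.
func Probe(addr string, roots *x509.CertPool) (alpn string, tls13 bool, err error) {
	cfg := &tls.Config{NextProtos: []string{"h2", "http/1.1"}, RootCAs: roots}
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: 5 * time.Second}, "tcp", addr, cfg)
	if err != nil {
		return "", false, err
	}
	defer conn.Close()
	st := conn.ConnectionState()
	return st.NegotiatedProtocol, st.Version == tls.VersionTLS13, nil
}

// ProbeLab starts a constructed loopback HTTPS server (hypothetical lab target)
// that advertises h2 via ALPN when h2 is true and http/1.1 otherwise, capped at
// TLS version maxVer, then probes it trusting only that server's test certificate.
func ProbeLab(h2 bool, maxVer uint16) (string, bool, error) {
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.EnableHTTP2 = h2
	srv.TLS = &tls.Config{MaxVersion: maxVer}
	srv.StartTLS()
	defer srv.Close()
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate())
	return Probe(srv.Listener.Addr().String(), roots)
}

func main() {
	// HTTP/1.1-only, TLS 1.2 endpoint: the behaviour reported in this thread.
	alpn, tls13, err := ProbeLab(false, tls.VersionTLS12)
	fmt.Printf("ALPN=%q TLS1.3=%v err=%v\n", alpn, tls13, err)
	// Endpoint that advertises h2 and allows TLS 1.3.
	alpn, tls13, err = ProbeLab(true, tls.VersionTLS13)
	fmt.Printf("ALPN=%q TLS1.3=%v err=%v\n", alpn, tls13, err)
}
```

To check a deployed DoH server, call `Probe` with its host:port and `roots` set to nil; a result of `http/1.1` or an empty ALPN value means the listener did not select HTTP/2.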