search

m13253 / dns-over-https

High performance DNS over HTTPS client & server
https://developers.google.com/speed/public-dns/docs/dns-over-https
MIT License
1.99k stars 221 forks source link

Specify header "content-type: dns-message" return 400 Bad Request #105

Closed davehouser1 closed 3 years ago

davehouser1 commented 3 years ago

Problem:

Including "Content-Type: dns-message" in requests header returns 400 Bad Request.

Overview:

Section 4.1.1 of RFC8484 shows examples of requests including"Content-Type: dns-message" in their header. However when tying to insert "Content-Type: application/dns-message" into my request header I get a 400 Bad Request, with a {"Status":2"Comment":"Invalid argument value: \"dns\""} as a response body.

Section 4.2 & 5.4 states "A DoH server MUST be able to process "application/dns-message" request messages.".

Is there a reason I cannot insert "Content-Type: dns-message" into the header of my request? I assume I am doing something wrong or dont fully understand where this Content-Type is being injected during the path of processing.

System

https client <--> 10.10.10.10:443 (stunnel proxy) <--> 127.0.0.1:8053 doh-server.service <--> 10.10.10.11:53 bind9 server <--> 8.8.8.8 auth dns

Command used for testing

curl -s -k "https://10.10.10.10:443/dns-query?name=www.example.com&type=A" -H "Content-Type: application/dns-message"

m13253 commented 3 years ago

The https://10.10.10.10:443/dns-query?name=www.example.com&type=A format is not the RFC8484 dns-message protocol. It is the Google JSON DNS protocol.

If you omit the Content-Type, it can auto-detect what your protocol is, and switch to the Google protocol. However, if you specify Content-Type: application/dns-message, you are telling the server to process your request in RFC8484 protocol, which causes error.

davehouser1 commented 3 years ago

@m13253 thanks for the clarification. Can you share how to craft a proper curl command not using the Google JSON DNS protocol format that allows me to include the Content-Type header value?

m13253 commented 3 years ago

Can you share how to craft a proper curl command not using the Google JSON DNS protocol format that allows me to include the Content-Type header value?

curl -s 'https://cloudflare-dns.com/dns-query?dns=AAABIAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB' -H 'Content-Type: application/dns-message' | xxd
davehouser1 commented 3 years ago

Sorry I am missing something, I adjusted your command to the following, I still get the same error. Does the dns request need to be in base64? I know the RFC shows as much, not sure its required:

curl -s -k 'https://10.10.10.10:443/dns-query?dns=AAABIAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB' -H 'Content-Type: application/dns-message'

m13253 commented 3 years ago

I still get the same error.

Normally you shouldn't get error… It works on my end. Can you double check it?

Does the dns request need to be in base64?

For GET request, RFC8484 requires you to encode your request in base64. For POST request you don't.

However, if you want to construct a human-readable request & expect a human-readable response, you might want to try that Google JSON protocol.

davehouser1 commented 3 years ago

Ok I will test with this more, if you are able to get a response with no problems, I will keep testing probably something on my end I am doing wrong. Safe to close this now. Might make sense to provide some curl command examples in your README.md just for reference for testing purposes after one deploys the dns-over-https server. Thanks for the quick response and support!