odoh-client

module

v0.0.0-...-4762219 Latest Latest Go to latest Published: Nov 19, 2020 License: MIT

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/chris-wood/odoh-client

Links

Open Source Insights

README ¶

odoh-client

Oblivious DoH client

This is a command line interface as a client for performing oblivious dns-over-https queries.

Current Support:

DoH Query : odoh-client doh --domain www.cloudflare.com. --dnsType AAAA
oDoH Query: odoh-client odoh --domain www.cloudflare.com. --dnsType AAAA --key 01234567890123456789012345678912 --target 1.1.1.1
oDoH Query via Proxy: odoh-client odoh --domain www.cloudflare.com --dnsType AAAA --key 01234567890123456789012345678912 --target 1.1.1.1 --use-proxy true --proxy sampleproxy.service.hosted.net[:port]

The current implementation for oDoH uses a dummy Public Key stub on the target server which provides the public key to the client. In the ideal implementation, this will be obtained after performing DNSSEC validation + HTTPSSVC.

The explicit query for the public key of a target server without validation can be obtained by performing odoh-client get-publickey --ip 1.1.1.1[:port]

For the proxy usage, the client treats the target as the hostname and port of the intended target to which the proxy needs to forward the ODOH message and obtain a response from. The client then uses the key to decrypt the obtained response from the Oblivious Target.

Tests

Instances	Link	Active	Code
Target Server	odoh-target-dot-odoh-target.wm.r.appspot.com	✓	GCP Go Target
Proxy Server	odoh-proxy-dot-odoh-target.wm.r.appspot.com	✓	GCP Go Proxy
Target Server	odoh-target-rs.crypto-team.workers.dev	✓	CF Rust Target
Proxy Server	alpha-odoh-rs-proxy.research.cloudflare.com	✓	CF Rust Proxy
Discovery	odoh-discovery.crypto-team.workers.dev	✓	CF Discovery

Experiments

Proxied Via	To Target	Can Resolve?	CLI Call
GCP Go Proxy	GCP Go Target	✓	`odoh-client odoh --domain www.github.com. --dnstype AAAA --target odoh-target-dot-odoh-target.wm.r.appspot.com --proxy odoh-proxy-dot-odoh-target.wm.r.appspot.com`
GCP Go Proxy	CF Rust Target	✓	`odoh-client odoh --domain www.github.com. --dnstype AAAA --target odoh-target-rs.crypto-team.workers.dev --proxy odoh-proxy-dot-odoh-target.wm.r.appspot.com`
CF Rust Proxy	CF Rust Target	✗	`odoh-client odoh --domain www.github.com. --dnstype AAAA --target odoh-target-rs.crypto-team.workers.dev --proxy alpha-odoh-rs-proxy.research.cloudflare.com`
CF Rust Proxy	GCP Go Target	✓	`odoh-client odoh --domain www.github.com. --dnstype AAAA --target odoh-target-dot-odoh-target.wm.r.appspot.com --proxy odoh-rs-proxy.crypto-team.workers.dev`

Note: The CF Worker → CF Worker communication will NOT work and is by design from Cloudflare Workers. The usage of ODOH Rust Proxy and Target together however does work correctly if the workers are hosted on different zones.

Directories ¶

Path	Synopsis
cmd
commands

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL