Feature/dns over https #5242

Open
wants to merge 9 commits into
base: 4.x

Conversation


@imz87 imz87 commented Jun 23, 2024

Motivation
The increasing demand for enhanced privacy and security on the internet has led to the adoption of DNS-over-HTTPS (DoH) as a standard protocol for DNS resolution. DoH ensures that DNS queries are encrypted and protected from eavesdropping and tampering, providing a significant improvement over traditional DNS methods.

Currently, Vert.x lacks support for DoH, which limits its ability to provide secure DNS resolution for applications. By adding DoH support to Vert.x, we can offer developers the ability to leverage encrypted DNS queries, aligning with modern security practices and enhancing the overall privacy of applications built on Vert.x.

Conformance
I have signed the Eclipse Contributor Agreement as required. I have also ensured that all code changes adhere to the Vert.x code style guidelines, as outlined in the Vert.x Code Style Guidelines.

@vietj
Member

vietj commented Jun 27, 2024

Thank you @imz87, can you make a PR for the master branch of Vert.x? The implementation of the DNS client has changed and I would like to be sure we can continue to support this feature in master before merging this branch.

@vietj vietj added this to the 4.5.9 milestone Jun 27, 2024
@zekronium
Contributor

I see that the DnsClient, just like in 4.x, is not used for internal DNS resolution in 5.x too, where AddressResolverGroup is used. Is there a plan to change that? If not, we would like to integrate with AddressResolver, so that DoH would be used for HttpClient and other resolutions as well.

This is all preparation for Encrypted Client Hello support, so any technical considerations or tips from your side are welcome.

@vietj
Member

vietj commented Jun 28, 2024

It is normal that the DNS client is not used for resolution, since we rely on a resolver which does more than a client, so DoH should be contributed to Netty instead to benefit from this feature so we can have it in vertx DNS resolution.

@zekronium
Contributor

> it is normal that the DNS client is not used for resolution, since we rely on a resolver which does more than a client, so DoH should be contributed to Netty instead to benefit of this feature so we can have it in vertx DNS resolution.

Yeah, it is known that it's not being used. My justification was to extend the AddressResolver on the vertx side, since it handles the quite complex and cumbersome API of HTTP Client of Netty and simply how much easier that would be, at least as a short term solution.

Would you in any case accept such an implementation on the vertx side, at least momentarily, or should we only do Netty?

@vietj
Member

vietj commented Jul 1, 2024

We cannot accept it as is, unless there is a guarantee that it will be provided in Netty (to avoid a feature regression).

Perhaps the best would be to develop in Netty then use in vertx, and we could backport the DNS client changes from master to 4.x to keep things on par.
