Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

track DNS HTTPS Resource Records #1428

Open
eighthave opened this issue Oct 3, 2023 · 0 comments
Open

track DNS HTTPS Resource Records #1428

eighthave opened this issue Oct 3, 2023 · 0 comments
Assignees
@bassosimone
Labels
priority/medium

Comments

@eighthave
Copy link

eighthave commented Oct 3, 2023
edited
Loading

@hellais when we last met, we discussed OONI tracking HTTPS DNS requests. This is a follow up to track that. The new HTTPS RR is a new DNS request that lets clients/browsers do a single DNS request and get all of the required info needed to make a direct, modern HTTPS connection without extra roundtrips for auto-detection. For example:

  • IPv4 / IPv6
  • TCP port number
  • HTTP/2 or HTTP/3
  • ECHConfig

I estimate there will be two kinds of blocking activities related to HTTPS RRs that would be quite useful to track:

  • Different HTTPS RRs served from the same DoH server but in different regions (e.g. specific legal orders, takedowns, etc.)
  • Neutral HTTPS RRs not available from DNS servers in specific regions (ISPs/govs/etc attempting to restrict the general usage of HTTPS RRs).

This is related to ooni/probe-cli#1217

@sftcd @aaronkaplan @bassosimone FYI
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bassosimone bassosimone

Labels
priority/medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eighthave @bassosimone