DoH credentials

Julien Salort listes at salort.eu
Mon Mar 25 16:09:43 UTC 2024


Hello,

I am trying bind9 DoH features (bind9 9.18.18). It works from Firefox, 
although it feels slower than with the native resolver.

However, it seems that this makes an open resolver, i.e. there is no 
authentication of any sort.

I haven't found any reference to how to set up credentials in this doc:

  https://bind9.readthedocs.io/en/latest/reference.html#http-block-grammar

Because I am using an Apache proxy, bind9 sees the incoming requests as 
localhost, so allows all recursive requests from anybody.

Does it mean that credentials have to be implemented by the webserver?

Firefox, for example, does not easily provide a way to specify credentials.

Also, strangely, the requests work fine from Firefox, or from curl 
--doh-url, but dig +https (version 9.18.25) says:

ALPN for HTTP/2 failed.
;; no servers could be reached

Cheers,


Julien
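
The proxy situation described in the message above, as an added example that is not part of the original post or of the BIND documentation: when Apache forwards DoH to named on loopback, named's address-based ACLs only ever see 127.0.0.1, so client filtering has to be done in the proxy. Assumptions: the loopback port 8053, the `/dns-query` endpoint path, the client networks and the htpasswd path are placeholders, and mod_proxy_http2 and the mod_auth_basic modules are loaded.

```apache
# Added example. Assumed named side: plain-HTTP DoH listener bound to
# 127.0.0.1:8053 (placeholder port) with the endpoint /dns-query, and a
# recursion ACL that matches localhost.

# Weak form (kept as a comment): every client that can reach Apache is
# forwarded, and named attributes all of them to 127.0.0.1.
# <Location "/dns-query">
#     ProxyPass "h2c://127.0.0.1:8053/dns-query"
# </Location>

# Restricted form: Apache decides who may query before anything reaches named.
<Location "/dns-query">
    AuthType Basic
    AuthName "DoH"
    # Placeholder path; create the file with htpasswd.
    AuthUserFile "/etc/apache2/doh.htpasswd"

    <RequireAny>
        # Known client networks (documentation ranges used as placeholders).
        Require ip 192.0.2.0/24 2001:db8::/32
        # Clients elsewhere must authenticate; works for tools that can send
        # an Authorization header on the DoH URL.
        Require valid-user
    </RequireAny>

    # Inside <Location> the local path is implied by the section.
    ProxyPass "h2c://127.0.0.1:8053/dns-query"
</Location>
```

Requests from outside the listed networks without valid credentials are answered with 401 by Apache and never reach named.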


