Unable to Query DoH with `tls none` and Plain HTTP

Ondřej Surý ondrej at isc.org
Tue Jan 2 21:24:39 UTC 2024



> On 2. 1. 2024, at 10:38, Jakob Bohm via bind-users <bind-users at lists.isc.org> wrote:
> 
> Funny, given that HTTP/2 (the spec) had a CVE against it last October,
> while HTTP/0.9 and HTTP/1.x did not.

I’ve said that a single modern HTTP/2 implementation (backed by a maintained library) is much better than having two different implementations of the HTTP protocol that need to cooperate on a single port.

You came with a vulnerability in the HTTP/2 specification.

So, what’s your point? Or were you just trying to be “funny”?

> Having the DoH server as a standalone process talking to DNS/TCP would
> be a solid implementation given the constant flow of changes made to
> HTTP(S) by the Big 5.

Sure, but most people don’t want to integrate different programs to talk to each other and having an all-in-one solution works for most people.

For the rest, there’s always something like dnsdist that can actually talk DoH on external side and Do53 on the internal side.

From a maintainer’s perspective, I would love to have a minimal DNS implementation with as few features as possible, because that’s easier to maintain. But we are not building BIND 9 for just our own needs; we are building it for the users, regardless of what I personally think about DoH/2, DoH/3 or DoQ and whatever Big Tech comes up with next to shave a nanosecond from the latency and pushes onto the open source developers who are limited on resources and maintain software that has a long history…

Ondrej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
