Skip to content

Add DNS oracle protocol #917

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 11 commits into
base: master
Choose a base branch
from
Open

Add DNS oracle protocol #917

wants to merge 11 commits into from
+2,240 −0

Conversation

@Jim8y
Copy link

@Jim8y Jim8y commented Nov 17, 2025

Summary

  • add DNS-over-HTTPS oracle protocol and config wiring
  • document dns:// usage and add tests for certificate parsing

Testing

  • not run (not requested)

@doubiliu doubiliu mentioned this pull request Nov 17, 2025
Open
shargon
shargon reviewed Nov 17, 2025
View reviewed changes
Copy link
Member

@shargon shargon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that it's better to define the dns server, and make a dns query, instead of http query

@erikzhang
Copy link
Member

erikzhang commented Nov 17, 2025

I think that it's better to define the dns server, and make a dns query, instead of http query

We need DNS over HTTPS.

@shargon
Copy link
Member

shargon commented Nov 17, 2025

I think that it's better to define the dns server, and make a dns query, instead of http query

We need DNS over HTTPS.

Then it's DoH no Dns, we should rename the oracle protocol

shargon
shargon reviewed Nov 17, 2025
View reviewed changes
erikzhang
erikzhang reviewed Nov 18, 2025
View reviewed changes
shargon
shargon reviewed Nov 20, 2025
View reviewed changes
plugins/OracleService/Protocols/OracleDnsProtocol.cs Outdated
CertificatePublicKey key = new()
{
Algorithm = cert.PublicKey.Oid?.FriendlyName ?? cert.PublicKey.Oid?.Value,
Encoded = Convert.ToBase64String(cert.GetPublicKey())
Copy link
Member

@shargon shargon Nov 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that it's better to construct this object inside the try/catch clause, it's possible to throw CryptographicException during cert.GetPublicKey()

erikzhang
erikzhang reviewed Nov 21, 2025
View reviewed changes
erikzhang
erikzhang reviewed Nov 21, 2025
View reviewed changes
Wi1l-B0t
Wi1l-B0t reviewed Nov 21, 2025
View reviewed changes
Wi1l-B0t
Wi1l-B0t reviewed Nov 21, 2025
View reviewed changes
@cschuchardt88
Copy link
Member

cschuchardt88 commented Nov 22, 2025
edited
Loading

I think that it's better to define the dns server, and make a dns query, instead of http query

DoH is very commom see https://www.rfc-editor.org/rfc/rfc8484.html

Can we follow rfc8484?

@github-actions github-actions bot added the N4 label Nov 26, 2025
vncoelho
vncoelho reviewed Nov 26, 2025
View reviewed changes
ajara87 and others added 6 commits November 30, 2025 17:15
@ajara87
Merge branch 'master' into feature/dns-doh
2b9f772
@ajara87
Merge branch 'master' into feature/dns-doh
55a5023
@Jim8y
Merge branch 'master' into feature/dns-doh
ba3ed0f
@Jim8y @Wi1l-B0t
Update plugins/OracleService/OracleSettings.cs
769f160 
Co-authored-by: Will <[email protected]>
@Jim8y @Wi1l-B0t
Update docs/oracle-dns-protocol.md
9071047 
Co-authored-by: Will <[email protected]>
@Jim8y
Update DNS oracle to RFC 8484 application/dns-message format
6ec4813 
- Replace application/dns-json with standard application/dns-message
- Implement DNS wire format (RFC 1035) for query/response encoding
- Use HTTP POST method per RFC 8484 specification
- Add DNS name compression pointer support
- Support user-specified authority in URI (dns://resolver/domain)
- Fix CryptographicException handling in BuildPublicKey
- Move Accept header to constructor
- Add comprehensive unit tests for wire format handling
- Add integration tests for Cloudflare, Google, and Quad9 DoH endpoints
- Update documentation with RFC 8484 compliance details
@Jim8y
Copy link
Author

Jim8y commented Dec 3, 2025

  • ✅ application/dns-json → application/dns-message (RFC 8484)
  • ✅ HTTP GET → HTTP POST
  • ✅ JSON parsing → DNS wire format (RFC 1035)
  • ✅ Support user-specified authority (dns://resolver/domain)
  • ✅ Fix CryptographicException handling in BuildPublicKey
  • ✅ Move Accept header to constructor
  • ✅ Integration tests covering Cloudflare, Google, Quad9

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@erikzhang erikzhang erikzhang left review comments

@Wi1l-B0t Wi1l-B0t Wi1l-B0t left review comments

@shargon shargon Awaiting requested review from shargon

@vncoelho vncoelho Awaiting requested review from vncoelho

@doubiliu doubiliu Awaiting requested review from doubiliu

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

N4

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@Jim8y @erikzhang @shargon @cschuchardt88 @vncoelho @doubiliu @Wi1l-B0t @ajara87