Update Readme

A DNS API server SHOULD respond with HTTP status code 415 (Unsupported Media Type) upon receiving a media type it is unable to process.
2026-03-31 18:25:38 +00:00 · 2018-03-26 00:45:48 +08:00 · 2018-03-26 00:44:28 +08:00 · 2018-03-24 17:33:50 +08:00
2 changed files with 21 additions and 6 deletions
--- a/Readme.md
+++ b/Readme.md
@@ -72,11 +72,26 @@ you can host DNS-over-HTTPS along with other HTTPS services.

 ## DNSSEC

-DNSSEC validation is not built-in. It is highly recommended that you install
-`unbound` or `bind` and pass results for them to validate DNS records.
+DNS-over-HTTPS is compatible with DNSSEC, and requests DNSSEC signatures by
+default. However signature validation is not built-in. It is highly recommended
+that you install `unbound` or `bind` and pass results for them to validate DNS
+records.

-If you are running a server without anycast, you probably want to enable EDNS0
-Client Subnet during your configuring `unbound` or `bind`.
+## EDNS0-Client-Subnet (GeoDNS)
+
+DNS-over-HTTPS supports EDNS0-Client-Subnet protocol, which submits part of the
+client's IP address (/24 for IPv4, /48 for IPv6 by default) to the upstream
+server. This is useful for GeoDNS and CDNs to work, and is exactly the same
+configuration as most public DNS servers.
+
+Keep in mind that /24 is not enough to track a single user, although it is
+precise enough to know the city where the user is from. If you think
+EDNS0-Client-Subnet is affecting your privacy, you can set `no_ecs = true` in
+`/etc/dns-over-https/doh-client.conf`, with the cost of slower video streaming
+or software downloading speed.
+
+If your server is backed by `unbound` or `bind`, you probably want to enable
+the EDNS0-Client-Subnet feature in their configuration files as well.

 ## Protocol compatibility

@@ -99,7 +114,7 @@ Currently supported features are:

 - [X] IPv4 / IPv6
 - [X] EDNS0 large UDP packet (4 KiB by default)
- [X] EDNS0 Client Subnet (/24 for IPv4, /48 for IPv6 by default)
+- [X] EDNS0-Client-Subnet (/24 for IPv4, /48 for IPv6 by default)

 ## License

--- a/doh-server/server.go
+++ b/doh-server/server.go
@@ -127,7 +127,7 @@ func (s *Server) handlerFunc(w http.ResponseWriter, r *http.Request) {
 	} else if contentType == "application/dns-udpwireformat" {
 		req = s.parseRequestIETF(w, r)
 	} else {
-		jsonDNS.FormatError(w, fmt.Sprintf("Invalid argument value: \"ct\" = %q", contentType), 400)
+		jsonDNS.FormatError(w, fmt.Sprintf("Invalid argument value: \"ct\" = %q", contentType), 415)
 		return
 	}
 	if req.errcode != 0 {
Author	SHA1	Message	Date
Star Brilliant	56973c827d	Update Readme	2018-03-26 00:45:48 +08:00
Star Brilliant	c1be2ddd18	Update Readme	2018-03-26 00:44:28 +08:00
Star Brilliant	cb78b9b696	A DNS API server SHOULD respond with HTTP status code 415 (Unsupported Media Type) upon receiving a media type it is unable to process.	2018-03-24 17:33:50 +08:00