Release 1.3.10

Changelog.md

@@ -4,6 +4,17 @@ This Changelog records major changes between versions.
 
 Not all changes are recorded. Please check git log for details.
 
+## Version 1.3.10
+
+- Enable application/dns-message (draft-13) by default, since Google has finally supported it
+
+## Version 1.3.9
+
+- Fix client crash with `no_cookies = true`
+- Add 5380 as an additional default doh-client port
+- If `$GOROOT` is defined, Makefile now respects the value for the convenience of Debian/Ubuntu users
+- Change the ECS prefix length from /48 to /56 for IPv6, per RFC 7871
+
 ## Version 1.3.8
 
 - Workaround a bug causing Firefox 61-62 to reject responses with Content-Type = application/dns-message

Makefile

@@ -1,13 +1,21 @@
 .PHONY: all clean install uninstall deps
 
-GOBUILD=go build
-GOGET=go get -d -v
-GOGET_UPDATE=go get -d -u -v
-PREFIX=/usr/local
-ifeq ($(shell uname),Darwin)
-	CONFDIR=/usr/local/etc/dns-over-https
+PREFIX = /usr/local
+
+ifeq ($(GOROOT),)
+GOBUILD = go build
+GOGET = go get -d -v
+GOGET_UPDATE = go get -d -u -v
 else
-	CONFDIR=/etc/dns-over-https
+GOBUILD = $(GOROOT)/bin/go build
+GOGET = $(GOROOT)/bin/go get -d -v
+GOGET_UPDATE = $(GOROOT)/bin/go get -d -u -v
+endif
+
+ifeq ($(shell uname),Darwin)
+CONFDIR = /usr/local/etc/dns-over-https
+else
+CONFDIR = /etc/dns-over-https
 endif
 
 all: doh-client/doh-client doh-server/doh-server

Readme.md

@@ -8,6 +8,8 @@ and [draft-ietf-doh-dns-over-https](https://github.com/dohwg/draft-ietf-doh-dns-
 
 Install [Go](https://golang.org), at least version 1.9.
 
+(Note for Debian/Ubuntu users: You need to set `$GOROOT` if you could not get your new version of Go selected by the Makefile.)
+
 First create an empty directory, used for `$GOPATH`:
 
     mkdir ~/gopath
@@ -83,7 +85,7 @@ records.
 ## EDNS0-Client-Subnet (GeoDNS)
 
 DNS-over-HTTPS supports EDNS0-Client-Subnet protocol, which submits part of the
-client's IP address (/24 for IPv4, /48 for IPv6 by default) to the upstream
+client's IP address (/24 for IPv4, /56 for IPv6 by default) to the upstream
 server. This is useful for GeoDNS and CDNs to work, and is exactly the same
 configuration as most public DNS servers.
 
@@ -119,7 +121,7 @@ Currently supported features are:
 
 - [X] IPv4 / IPv6
 - [X] EDNS0 large UDP packet (4 KiB by default)
-- [X] EDNS0-Client-Subnet (/24 for IPv4, /48 for IPv6 by default)
+- [X] EDNS0-Client-Subnet (/24 for IPv4, /56 for IPv6 by default)
 
 ## The name of the project
 

doh-client/client.go

@@ -45,7 +45,7 @@ type Client struct {
 	udpServers           []*dns.Server
 	tcpServers           []*dns.Server
 	bootstrapResolver    *net.Resolver
-	cookieJar            *cookiejar.Jar
+	cookieJar            http.CookieJar
 	httpClientMux        *sync.RWMutex
 	httpTransport        *http.Transport
 	httpClient           *http.Client
@@ -259,7 +259,7 @@ func (c *Client) tcpHandlerFunc(w dns.ResponseWriter, r *dns.Msg) {
 
 var (
 	ipv4Mask24 = net.IPMask{255, 255, 255, 0}
-	ipv6Mask48 = net.CIDRMask(48, 128)
+	ipv6Mask56 = net.CIDRMask(56, 128)
 )
 
 func (c *Client) findClientIP(w dns.ResponseWriter, r *dns.Msg) (ednsClientAddress net.IP, ednsClientNetmask uint8) {
@@ -286,8 +286,8 @@ func (c *Client) findClientIP(w dns.ResponseWriter, r *dns.Msg) (ednsClientAddre
 			ednsClientAddress = ipv4.Mask(ipv4Mask24)
 			ednsClientNetmask = 24
 		} else {
-			ednsClientAddress = ip.Mask(ipv6Mask48)
-			ednsClientNetmask = 48
+			ednsClientAddress = ip.Mask(ipv6Mask56)
+			ednsClientNetmask = 56
 		}
 	}
 	return

doh-client/doh-client.conf

@@ -1,7 +1,9 @@
 # DNS listen port
 listen = [
     "127.0.0.1:53",
+    "127.0.0.1:5380",
     "[::1]:53",
+    "[::1]:5380",
 ]
 
 # HTTP path for upstream resolver
@@ -70,7 +72,7 @@ no_cookies = true
 # Disable EDNS0-Client-Subnet (ECS)
 #
 # DNS-over-HTTPS supports EDNS0-Client-Subnet protocol, which submits part of
-# the client's IP address (/24 for IPv4, /48 for IPv6 by default) to the
+# the client's IP address (/24 for IPv4, /56 for IPv6 by default) to the
 # upstream server. This is useful for GeoDNS and CDNs to work, and is exactly
 # the same configuration as most public DNS servers.
 no_ecs = false

doh-client/ietf.go

@@ -96,7 +96,7 @@ func (c *Client) generateRequestIETF(w dns.ResponseWriter, r *dns.Msg, isTCP boo
 				ednsClientNetmask = 24
 			} else {
 				ednsClientFamily = 2
-				ednsClientNetmask = 48
+				ednsClientNetmask = 56
 			}
 			edns0Subnet = new(dns.EDNS0_SUBNET)
 			edns0Subnet.Code = dns.EDNS0SUBNET
@@ -126,8 +126,7 @@ func (c *Client) generateRequestIETF(w dns.ResponseWriter, r *dns.Msg, isTCP boo
 
 	numServers := len(c.conf.UpstreamIETF)
 	upstream := c.conf.UpstreamIETF[rand.Intn(numServers)]
-	requestURL := fmt.Sprintf("%s?ct=application/dns-udpwireformat&dns=%s", upstream, requestBase64)
-	//requestURL := fmt.Sprintf("%s?ct=application/dns-message&dns=%s", upstream, requestBase64)
+	requestURL := fmt.Sprintf("%s?ct=application/dns-message&dns=%s", upstream, requestBase64)
 
 	var req *http.Request
 	if len(requestURL) < 2048 {

doh-client/version.go

@@ -24,6 +24,6 @@
 package main
 
 const (
-	VERSION    = "1.3.8"
+	VERSION    = "1.3.10"
 	USER_AGENT = "DNS-over-HTTPS/" + VERSION + " (+https://github.com/m13253/dns-over-https)"
 )

doh-server/doh-server.conf

@@ -6,10 +6,10 @@ listen = [
 
 # TLS certification file
 # If left empty, plain-text HTTP will be used.
-# Please be informed that this program does not do OCSP Stapling, which is
-# necessary for some clients to bootstrap itself.
-# You are recommended to use a server load balancer (Caddy, Nginx) and set up
-# TLS there.
+# You are recommended to leave empty and to use a server load balancer (e.g.
+# Caddy, Nginx) and set up TLS there, because this program does not do OCSP
+# Stapling, which is necessary for client bootstrapping in a network
+# environment with completely no traditional DNS service.
 cert = ""
 
 # TLS private key file
@@ -21,6 +21,8 @@ path = "/dns-query"
 # Upstream DNS resolver
 # If multiple servers are specified, a random one will be chosen each time.
 upstream = [
+    "1.1.1.1:53",
+    "1.0.0.1:53",
     "8.8.8.8:53",
     "8.8.4.4:53",
 ]

doh-server/google.go

@@ -104,7 +104,7 @@ func (s *Server) parseRequestGoogle(w http.ResponseWriter, r *http.Request) *DNS
 				ednsClientNetmask = 24
 			} else {
 				ednsClientFamily = 2
-				ednsClientNetmask = 48
+				ednsClientNetmask = 56
 			}
 		} else {
 			ednsClientAddress = net.ParseIP(ednsClientSubnet[:slash])
@@ -139,7 +139,7 @@ func (s *Server) parseRequestGoogle(w http.ResponseWriter, r *http.Request) *DNS
 			ednsClientNetmask = 24
 		} else {
 			ednsClientFamily = 2
-			ednsClientNetmask = 48
+			ednsClientNetmask = 56
 		}
 	}
 

doh-server/ietf.go

@@ -126,7 +126,7 @@ func (s *Server) parseRequestIETF(w http.ResponseWriter, r *http.Request) *DNSRe
 				ednsClientNetmask = 24
 			} else {
 				ednsClientFamily = 2
-				ednsClientNetmask = 48
+				ednsClientNetmask = 56
 			}
 			edns0Subnet = new(dns.EDNS0_SUBNET)
 			edns0Subnet.Code = dns.EDNS0SUBNET

doh-server/version.go

@@ -24,6 +24,6 @@
 package main
 
 const (
-	VERSION    = "1.3.8"
+	VERSION    = "1.3.10"
 	USER_AGENT = "DNS-over-HTTPS/" + VERSION + " (+https://github.com/m13253/dns-over-https)"
 )

json-dns/unmarshal.go

@@ -119,7 +119,7 @@ func Unmarshal(msg *dns.Msg, resp *Response, udpSize uint16, ednsClientNetmask u
 			if ednsClientFamily == 1 {
 				ednsClientNetmask = 24
 			} else {
-				ednsClientNetmask = 48
+				ednsClientNetmask = 56
 			}
 		}
 		edns0Subnet := new(dns.EDNS0_SUBNET)