Help with ISC-BIND 9.20.7 COPR package DOH support
Michał Kępień
michal at isc.org
Mon Mar 24 05:07:19 UTC 2025
Hi,

> Need help with the COPR packages for BIND, they don’t seem to have DOH enabled / working

That's not the case, DNS-over-HTTPS should work just fine with our Copr
packages.

> Should have: compiled with DNS-over-HTTPS
> It does not, no?

DNS-over-HTTPS support in BIND 9 is implemented using libnghttp2, which
is visible in your "named -V" output.

> [root at ip-172-31-19-151 knot-3.1.7]# curl -H 'accept: application/dns-message' -H 'content-type: application/dns-message' --data-binary @query.bin http://127.0.0.1/dns-query --output response.bin
> % Total % Received % Xferd Average Speed Time Time Time Current
> Dload Upload Total Spent Left Speed
> 100 29 0 0 100 29 0 3622 --:--:-- --:--:-- --:--:-- 4142
> curl: (1) Received HTTP/0.9 when not allowed
>
> [root at ip-172-31-19-151 knot-3.1.7]# curl --http0.9 -H 'accept: application/dns-message' -H 'content-type: application/dns-message' --data-binary @query.bin http://127.0.0.1/dns-query --output response.bin
> % Total % Received % Xferd Average Speed Time Time Time Current
> Dload Upload Total Spent Left Speed
>
> 100 44 0 15 100 29 27027 52252 --:--:-- --:--:-- --:--:-- 44000
>
>
> It looks like BIND is:
>
> * Receiving the request on port 80
> * But not routing /dns-query to the DNS-over-HTTPS handler
> * And instead replying with a default, empty (or internal error) response — possibly from the wrong handler entirely
>
> I'm guessing this is because DOH is not actually compiled into this build? These builds had DOH compiled in the past, appreciate any insights.

curl defaults to sending HTTP/1.1 requests for HTTP URLs. BIND 9 does
not support HTTP/1.1 for DNS-over-HTTPS; HTTP/2 is the minimum.

For testing purposes, you're probably looking for "dig +http-plain".
If you need to use curl, look at --http2-prior-knowledge.

--
Best regards,
Michał Kępień
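
The two test methods named in the reply above, as an added example that is not part of the original message or of BIND's documentation. The function names, the query name and the default address 127.0.0.1 on port 80 are assumptions for illustration; `make_query` builds the wire-format body that curl posts as `query.bin`.

```shell
#!/bin/sh
# Added example: function names and the default server address are assumptions.

# Emit a wire-format DNS query (QTYPE A, QCLASS IN, RD set, ID 0) for the
# ASCII name in $1. A trailing dot is accepted.
make_query() {
    name=${1%.}
    # Header: ID=0, flags=0x0100 (RD), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    printf '\000\000\001\000\000\001\000\000\000\000\000\000'
    while [ -n "$name" ]; do
        label=${name%%.*}
        # Each label is one length octet followed by the label bytes
        printf "\\$(printf '%03o' "${#label}")%s" "$label"
        case $name in
            *.*) name=${name#*.} ;;
            *)   name= ;;
        esac
    done
    # Root label, then QTYPE=A (1) and QCLASS=IN (1)
    printf '\000\000\001\000\001'
}

# Cleartext DoH test with curl. --http2-prior-knowledge makes curl speak
# HTTP/2 from the first byte instead of starting with HTTP/1.1.
doh_curl() {
    make_query "$1" > query.bin
    curl --http2-prior-knowledge \
        -H 'accept: application/dns-message' \
        -H 'content-type: application/dns-message' \
        --data-binary @query.bin --output response.bin \
        "http://${2:-127.0.0.1}/dns-query"
}

# The same test with dig, which speaks HTTP/2 without extra options.
doh_dig() {
    dig +http-plain @"${2:-127.0.0.1}" -p 80 "$1" A
}
```

Call `doh_dig example.com` or `doh_curl example.com` against a listener configured for unencrypted HTTP; neither function runs until invoked.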