From: Oto Šťáva Date: Fri, 8 Apr 2022 09:20:59 +0000 (+0200) Subject: daemon/http: documentation X-Git-Tag: v5.5.1~11^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5fd1b876e9e50b8a2f8090d67c43555e215abe81;p=thirdparty%2Fknot-resolver.git daemon/http: documentation --- diff --git a/NEWS b/NEWS index 0d90f6e1c..35e3378c1 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,7 @@ Knot Resolver 5.5.1 (2022-mm-dd) Improvements ------------ - daemon/tls: disable TLS resumption via tickets for TLS <= 1.2 (#742, !1295) +- daemon/http: DoH now responds with proper HTTP codes (#728, !1279) Bugfixes -------- diff --git a/daemon/bindings/net_tlssrv.rst b/daemon/bindings/net_tlssrv.rst index 8306cfc22..519a0b569 100644 --- a/daemon/bindings/net_tlssrv.rst +++ b/daemon/bindings/net_tlssrv.rst 
@@ -68,6 +68,28 @@ additional considerations for TLS 1.2 required by HTTP/2 are not implemented .. _dot-doh-config-options: +HTTP status codes +""""""""""""""""" + +As specified by :rfc:`8484`, the resolver responds with status **200 OK** whenever +it can produce a valid DNS reply for a given query, even in cases where the DNS +``rcode`` indicates an error (like ``NXDOMAIN``, ``SERVFAIL``, etc.). + +For DoH queries malformed at the HTTP level, the resolver may respond with +the following status codes: + + * **400 Bad Request** for a generally malformed query, like one not containing + a valid DNS packet + * **404 Not Found** when an incorrect HTTP endpoint is queried - the only + supported ones are ``/dns-query`` and ``/doh`` + * **413 Payload Too Large** when the DNS query exceeds its maximum size + * **415 Unsupported Media Type** when the query's ``Content-Type`` header + is not ``application/dns-message`` + * **431 Request Header Fields Too Large** when a header in the query is too + large to process + * **501 Not Implemented** when the query uses a method other than + ``GET``, ``POST``, or ``HEAD`` + Configuration options for DoT and DoH ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
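Review bot: In the daemon/bindings/net_tlssrv.rst hunk, the new "HTTP status codes" section is added between the ``.. _dot-doh-config-options:`` label and the "Configuration options for DoT and DoH" title that the label used to sit directly above. A label binds to the next section title, so ``dot-doh-config-options`` now resolves to "HTTP status codes" instead of the configuration options. Move the added block above the label line, or move the label down so it directly precedes the "Configuration options for DoT and DoH" title. Separately, the **413 Payload Too Large** item says the query "exceeds its maximum size" without stating what that size is; naming the limit, or pointing to where it is defined, would let operators tell a client bug from a resolver limit.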