Hi,

Would it be possible for your servers to first verify whether a DoH address is really a DNS before running actual Atlas tests? If you can do it from an IP address that also hosts a web page that explains the purpose of the test, anyone investigating traffic coming to them is easily informed.

Thanks,
Dave


On Fri, 22 May 2020 at 10:29, Philip Homburg <philip.homburg@ripe.net> wrote:
On 2020/05/20 22:00 , Yang Yu wrote:
> As DoH is getting more adoption, it would be interesting to have DoH
> query support on Atlas. With support added as an additional protocol
> for DNS measurement (currently TCP/UDP), most measurement
> creation/result parsing settings can be reused.

From a technical point of view it is not that simple. RFC 8484
recommends at least HTTP/2. Currently there is no support for HTTP/2 in
the Atlas measurement code.

The bigger problem however is that there is a policy for RIPE Atlas to
not allow http requests to arbitrary destinations. The reasoning is that
connecting to certain webservers from certain countries could bring
trouble to the probe hosts.

Of course policies are not set in stone. However, nobody has come up
with a better policy proposal.

Note that Atlas does support DNS over TLS.