Hi, Would it be possible for your servers to first verify whether a DOH address is really a DNS before running actual atlas tests? If you can do it from an IP address that also hosts a web page that explains the purpose of the test, anyone investigating traffic coming to them is easily informed.
Thanks, Dave Op vr 22 mei 2020 om 10:29 schreef Philip Homburg <philip.homb...@ripe.net>: > On 2020/05/20 22:00 , Yang Yu wrote: > > As DoH is getting more adoption, it would be interesting to have DoH > > query support on Atlas. With support added as an additional protocol > > for DNS measurement (currently TCP/UDP), most measurement > > creation/result parsing settings can be reused. > > From a technical point of view it is not that simple. RFC 8484 > recommends at least HTTP/2. Currently there is no support for HTTP/2 in > the Atlas measurement code. > > The bigger problem however is that there is a policy for RIPE Atlas to > not allow http requests to arbitrary destinations. The reasoning is that > connecting to certain webservers from certain countries could bring > trouble to the probe hosts. > > Of course policies are not set in stone. However, nobody has come up > with a better policy proposal. > > Note that Atlas does support DNS over TLS. > >
