Re: [atlas] DoH and DoT measurements
Indeed “tls” flag seems to work. Thanks! After first try with DoT providers like one.one.one.one or dns.google I have additional question. When exactly FQDN from “target” is resolved to IP? Is RIPE Atlas resolve domain to IP only once during measurements creation or is each probe resolve domain to IP individually? It’s important details for me because I will work with FQDN that will resolve do different IP depending on user location so if it is resolved only once by RIPE Atlas system then probes will be using sub-optimal IPs to run tests. Regards, Grzegorz From: Michel Stam <mstam@ripe.net> Date: Wednesday, 26 July 2023 at 17:13 To: "Ponikierski, Grzegorz" <gponikie@akamai.com> Subject: Re: [atlas] DoH and DoT measurements Hey Grzegorz, It’s a bit hidden, but in the measurement definition I think the key ’tis’ needs to be set to the boolean value ’true’. That should enable DNS over TLS. Cheers, Michel On 26 Jul 2023, at 17:09, Ponikierski, Grzegorz <gponikie@akamai.com> wrote: I have reviewed API Manual and Reference but I don’t see anything about DoH or DoT. Maybe I have overlooked something? Regards, Grzegorz From: Michel Stam <mstam@ripe.net<mailto:mstam@ripe.net>> Date: Wednesday, 26 July 2023 at 15:30 To: "Ponikierski, Grzegorz" <gponikie@akamai.com<mailto:gponikie@akamai.com>> Cc: "ripe-atlas@ripe.net<mailto:ripe-atlas@ripe.net>" <ripe-atlas@ripe.net<mailto:ripe-atlas@ripe.net>> Subject: Re: [atlas] DoH and DoT measurements Hello Gzzegorz, If I saw correctly DNS over TLS should be possible. Some initial steps have been taken to implement DNS over HTTP(S) but such is not available yet. You will probably have to use the API to schedule one, though RIPE Atlas docs | RIPE Atlas Documentation | Docs<https://urldefense.com/v3/__https:/atlas.ripe.net/docs/__;!!GjvTz_vk!UIWbNOgesINdK7phtPcRFUNL6Ah4klT6w0UBrDN6eQQavoEWGbvHAf3Q-h2r1ErslWGKwtF0RHE$> atlas.ripe.net<https://urldefense.com/v3/__https:/atlas.ripe.net/docs/__;!!GjvTz_vk!UIWbNOgesINdK7phtPcRFUNL6Ah4klT6w0UBrDN6eQQavoEWGbvHAf3Q-h2r1ErslWGKwtF0RHE$> <image001.png><https://urldefense.com/v3/__https:/atlas.ripe.net/docs/__;!!GjvTz_vk!UIWbNOgesINdK7phtPcRFUNL6Ah4klT6w0UBrDN6eQQavoEWGbvHAf3Q-h2r1ErslWGKwtF0RHE$> Hope this helps, Regards, Michel On 26 Jul 2023, at 15:09, Ponikierski, Grzegorz via ripe-atlas <ripe-atlas@ripe.net<mailto:ripe-atlas@ripe.net>> wrote: Hi! Is it possible to run DNS over HTTPS and DNS over TLS measurements with RIPE Atlas? Regards, Grzegorz -- ripe-atlas mailing list ripe-atlas@ripe.net<mailto:ripe-atlas@ripe.net> https://lists.ripe.net/mailman/listinfo/ripe-atlas<https://urldefense.com/v3/__https:/lists.ripe.net/mailman/listinfo/ripe-atlas__;!!GjvTz_vk!UIWbNOgesINdK7phtPcRFUNL6Ah4klT6w0UBrDN6eQQavoEWGbvHAf3Q-h2r1ErslWGKT9WPC80$>
Hello Grzegorz, The resolve_on_probe flag is used to have the probe do DNS resolution, otherwise the backend takes care of that. Cheers, Michel
On 26 Jul 2023, at 17:47, Ponikierski, Grzegorz <gponikie@akamai.com> wrote:
Indeed “tls” flag seems to work. Thanks!
After first try with DoT providers like one.one.one.one or dns.google <http://dns.google/> I have additional question. When exactly FQDN from “target” is resolved to IP? Is RIPE Atlas resolve domain to IP only once during measurements creation or is each probe resolve domain to IP individually? It’s important details for me because I will work with FQDN that will resolve do different IP depending on user location so if it is resolved only once by RIPE Atlas system then probes will be using sub-optimal IPs to run tests.
Regards, Grzegorz
From: Michel Stam <mstam@ripe.net <mailto:mstam@ripe.net>> Date: Wednesday, 26 July 2023 at 17:13 To: "Ponikierski, Grzegorz" <gponikie@akamai.com <mailto:gponikie@akamai.com>> Subject: Re: [atlas] DoH and DoT measurements
Hey Grzegorz,
It’s a bit hidden, but in the measurement definition I think the key ’tis’ needs to be set to the boolean value ’true’. That should enable DNS over TLS.
Cheers,
Michel
On 26 Jul 2023, at 17:09, Ponikierski, Grzegorz <gponikie@akamai.com <mailto:gponikie@akamai.com>> wrote:
I have reviewed API Manual and Reference but I don’t see anything about DoH or DoT. Maybe I have overlooked something?
Regards, Grzegorz
From: Michel Stam <mstam@ripe.net <mailto:mstam@ripe.net>> Date: Wednesday, 26 July 2023 at 15:30 To: "Ponikierski, Grzegorz" <gponikie@akamai.com <mailto:gponikie@akamai.com>> Cc: "ripe-atlas@ripe.net <mailto:ripe-atlas@ripe.net>" <ripe-atlas@ripe.net <mailto:ripe-atlas@ripe.net>> Subject: Re: [atlas] DoH and DoT measurements
Hello Gzzegorz,
If I saw correctly DNS over TLS should be possible. Some initial steps have been taken to implement DNS over HTTP(S) but such is not available yet. You will probably have to use the API to schedule one, though
RIPE Atlas docs | RIPE Atlas Documentation | Docs <https://urldefense.com/v3/__https:/atlas.ripe.net/docs/__;!!GjvTz_vk!UIWbNOgesINdK7phtPcRFUNL6Ah4klT6w0UBrDN6eQQavoEWGbvHAf3Q-h2r1ErslWGKwtF0RHE$> atlas.ripe.net <https://urldefense.com/v3/__https:/atlas.ripe.net/docs/__;!!GjvTz_vk!UIWbNOgesINdK7phtPcRFUNL6Ah4klT6w0UBrDN6eQQavoEWGbvHAf3Q-h2r1ErslWGKwtF0RHE$> <image001.png> <https://urldefense.com/v3/__https:/atlas.ripe.net/docs/__;!!GjvTz_vk!UIWbNOgesINdK7phtPcRFUNL6Ah4klT6w0UBrDN6eQQavoEWGbvHAf3Q-h2r1ErslWGKwtF0RHE$>
Hope this helps,
Regards,
Michel
On 26 Jul 2023, at 15:09, Ponikierski, Grzegorz via ripe-atlas <ripe-atlas@ripe.net <mailto:ripe-atlas@ripe.net>> wrote:
Hi!
Is it possible to run DNS over HTTPS and DNS over TLS measurements with RIPE Atlas?
Regards, Grzegorz -- ripe-atlas mailing list ripe-atlas@ripe.net <mailto:ripe-atlas@ripe.net> https://lists.ripe.net/mailman/listinfo/ripe-atlas <https://urldefense.com/v3/__https:/lists.ripe.net/mailman/listinfo/ripe-atlas__;!!GjvTz_vk!UIWbNOgesINdK7phtPcRFUNL6Ah4klT6w0UBrDN6eQQavoEWGbvHAf3Q-h2r1ErslWGKT9WPC80$>
It works! Thanks again :) Regards, Grzegorz From: Michel Stam <mstam@ripe.net> Date: Wednesday, 26 July 2023 at 17:50 To: "Ponikierski, Grzegorz" <gponikie@akamai.com> Cc: "ripe-atlas@ripe.net" <ripe-atlas@ripe.net> Subject: Re: [atlas] DoH and DoT measurements Hello Grzegorz, The resolve_on_probe flag is used to have the probe do DNS resolution, otherwise the backend takes care of that. Cheers, Michel On 26 Jul 2023, at 17:47, Ponikierski, Grzegorz <gponikie@akamai.com> wrote: Indeed “tls” flag seems to work. Thanks! After first try with DoT providers like one.one.one.one or dns.google<https://urldefense.com/v3/__http:/dns.google/__;!!GjvTz_vk!Vgjmvw5Pw99v1yQzbNV2B4F0p45L_46wzEaLDXTF1b9k3KYpG5OsTRQioReL-8q71701XHRsV8I$> I have additional question. When exactly FQDN from “target” is resolved to IP? Is RIPE Atlas resolve domain to IP only once during measurements creation or is each probe resolve domain to IP individually? It’s important details for me because I will work with FQDN that will resolve do different IP depending on user location so if it is resolved only once by RIPE Atlas system then probes will be using sub-optimal IPs to run tests. Regards, Grzegorz From: Michel Stam <mstam@ripe.net<mailto:mstam@ripe.net>> Date: Wednesday, 26 July 2023 at 17:13 To: "Ponikierski, Grzegorz" <gponikie@akamai.com<mailto:gponikie@akamai.com>> Subject: Re: [atlas] DoH and DoT measurements Hey Grzegorz, It’s a bit hidden, but in the measurement definition I think the key ’tis’ needs to be set to the boolean value ’true’. That should enable DNS over TLS. Cheers, Michel On 26 Jul 2023, at 17:09, Ponikierski, Grzegorz <gponikie@akamai.com<mailto:gponikie@akamai.com>> wrote: I have reviewed API Manual and Reference but I don’t see anything about DoH or DoT. Maybe I have overlooked something? Regards, Grzegorz From: Michel Stam <mstam@ripe.net<mailto:mstam@ripe.net>> Date: Wednesday, 26 July 2023 at 15:30 To: "Ponikierski, Grzegorz" <gponikie@akamai.com<mailto:gponikie@akamai.com>> Cc: "ripe-atlas@ripe.net<mailto:ripe-atlas@ripe.net>" <ripe-atlas@ripe.net<mailto:ripe-atlas@ripe.net>> Subject: Re: [atlas] DoH and DoT measurements Hello Gzzegorz, If I saw correctly DNS over TLS should be possible. Some initial steps have been taken to implement DNS over HTTP(S) but such is not available yet. You will probably have to use the API to schedule one, though RIPE Atlas docs | RIPE Atlas Documentation | Docs<https://urldefense.com/v3/__https:/atlas.ripe.net/docs/__;!!GjvTz_vk!UIWbNOgesINdK7phtPcRFUNL6Ah4klT6w0UBrDN6eQQavoEWGbvHAf3Q-h2r1ErslWGKwtF0RHE$> atlas.ripe.net<https://urldefense.com/v3/__https:/atlas.ripe.net/docs/__;!!GjvTz_vk!UIWbNOgesINdK7phtPcRFUNL6Ah4klT6w0UBrDN6eQQavoEWGbvHAf3Q-h2r1ErslWGKwtF0RHE$> <image001.png><https://urldefense.com/v3/__https:/atlas.ripe.net/docs/__;!!GjvTz_vk!UIWbNOgesINdK7phtPcRFUNL6Ah4klT6w0UBrDN6eQQavoEWGbvHAf3Q-h2r1ErslWGKwtF0RHE$> Hope this helps, Regards, Michel On 26 Jul 2023, at 15:09, Ponikierski, Grzegorz via ripe-atlas <ripe-atlas@ripe.net<mailto:ripe-atlas@ripe.net>> wrote: Hi! Is it possible to run DNS over HTTPS and DNS over TLS measurements with RIPE Atlas? Regards, Grzegorz -- ripe-atlas mailing list ripe-atlas@ripe.net<mailto:ripe-atlas@ripe.net> https://lists.ripe.net/mailman/listinfo/ripe-atlas<https://urldefense.com/v3/__https:/lists.ripe.net/mailman/listinfo/ripe-atlas__;!!GjvTz_vk!UIWbNOgesINdK7phtPcRFUNL6Ah4klT6w0UBrDN6eQQavoEWGbvHAf3Q-h2r1ErslWGKT9WPC80$>
participants (2)
-
Michel Stam -
Ponikierski, Grzegorz