Set ServerName for DoQ TLS validation explicitly (#329)

folbricht · Aug 31, 2023 · ed132d8 · ed132d8
1 parent 03b76d4
commit ed132d8
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 3 deletions.
diff --git a/cmd/routedns/example-config/well-known.toml b/cmd/routedns/example-config/well-known.toml
@@ -134,6 +134,11 @@ protocol = "udp"
 address = "dns-unfiltered.adguard.com:8853"
 protocol = "doq"
 
+# NextDNS QUIC
+[resolvers.nextdns]
+address = "dns.nextdns.io:853"
+protocol = "doq"
+
 # Listeners
 
 [listeners.local-udp]

diff --git a/doqclient.go b/doqclient.go
@@ -71,9 +71,12 @@ func NewDoQClient(id, endpoint string, opt DoQClientOptions) (*DoQClient, error)
 		return nil, errors.Wrapf(err, "failed to parse dot endpoint '%s'", endpoint)
 	}
 	if opt.BootstrapAddr != "" {
-		tlsConfig.ServerName = host
 		endpoint = net.JoinHostPort(opt.BootstrapAddr, port)
 	}
+
+	// quic-go requires the ServerName be set explicitly
+	tlsConfig.ServerName = host
+
 	if opt.QueryTimeout == 0 {
 		opt.QueryTimeout = defaultQueryTimeout
 	}

diff --git a/go.mod b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/oschwald/maxminddb-golang v1.10.0
 	github.com/pion/dtls/v2 v2.2.4
 	github.com/pkg/errors v0.9.1
-	github.com/quic-go/quic-go v0.37.6
+	github.com/quic-go/quic-go v0.38.1
 	github.com/redis/go-redis/v9 v9.0.4
 	github.com/sirupsen/logrus v1.9.0
 	github.com/spf13/cobra v1.6.1
@@ -36,7 +36,7 @@ require (
 	github.com/pion/udp v0.1.4 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/quic-go/qpack v0.4.0 // indirect
-	github.com/quic-go/qtls-go1-20 v0.3.1 // indirect
+	github.com/quic-go/qtls-go1-20 v0.3.3 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	golang.org/x/crypto v0.5.0 // indirect
 	golang.org/x/exp v0.0.0-20221227203929-1b447090c38c // indirect

diff --git a/go.sum b/go.sum
@@ -64,8 +64,12 @@ github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
 github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
 github.com/quic-go/qtls-go1-20 v0.3.1 h1:O4BLOM3hwfVF3AcktIylQXyl7Yi2iBNVy5QsV+ySxbg=
 github.com/quic-go/qtls-go1-20 v0.3.1/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k=
+github.com/quic-go/qtls-go1-20 v0.3.3 h1:17/glZSLI9P9fDAeyCHBFSWSqJcwx1byhLwP5eUIDCM=
+github.com/quic-go/qtls-go1-20 v0.3.3/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k=
 github.com/quic-go/quic-go v0.37.6 h1:2IIUmQzT5YNxAiaPGjs++Z4hGOtIR0q79uS5qE9ccfY=
 github.com/quic-go/quic-go v0.37.6/go.mod h1:YsbH1r4mSHPJcLF4k4zruUkLBqctEMBDR6VPvcYjIsU=
+github.com/quic-go/quic-go v0.38.1 h1:M36YWA5dEhEeT+slOu/SwMEucbYd0YFidxG3KlGPZaE=
+github.com/quic-go/quic-go v0.38.1/go.mod h1:ijnZM7JsFIkp4cRyjxJNIzdSfCLmUMg9wdyhGmg+SN4=
 github.com/redis/go-redis/v9 v9.0.4 h1:FC82T+CHJ/Q/PdyLW++GeCO+Ol59Y4T7R4jbgjvktgc=
 github.com/redis/go-redis/v9 v9.0.4/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk=
 github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=