Skip to content

Add DNS oracle protocol#917

Open
Jim8y wants to merge 18 commits intomasterfrom
feature/dns-doh
Open

Add DNS oracle protocol#917
Jim8y wants to merge 18 commits intomasterfrom
feature/dns-doh

Conversation

@Jim8y
Copy link
Contributor

@Jim8y Jim8y commented Nov 17, 2025

Summary

  • add DNS-over-HTTPS oracle protocol and config wiring
  • document dns:// usage and add tests for certificate parsing

Testing

  • not run (not requested)

@doubiliu doubiliu mentioned this pull request Nov 17, 2025
Open
shargon
shargon reviewed Nov 17, 2025
View reviewed changes
Copy link
Member

@shargon shargon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that it's better to define the dns server, and make a dns query, instead of http query

@erikzhang
Copy link
Member

erikzhang commented Nov 17, 2025

I think that it's better to define the dns server, and make a dns query, instead of http query

We need DNS over HTTPS.

@shargon
Copy link
Member

shargon commented Nov 17, 2025

I think that it's better to define the dns server, and make a dns query, instead of http query

We need DNS over HTTPS.

Then it's DoH no Dns, we should rename the oracle protocol

shargon
shargon reviewed Nov 17, 2025
View reviewed changes
erikzhang
erikzhang reviewed Nov 18, 2025
View reviewed changes
shargon
shargon reviewed Nov 20, 2025
View reviewed changes
plugins/OracleService/Protocols/OracleDnsProtocol.cs Outdated
CertificatePublicKey key = new()
{
Algorithm = cert.PublicKey.Oid?.FriendlyName ?? cert.PublicKey.Oid?.Value,
Encoded = Convert.ToBase64String(cert.GetPublicKey())
Copy link
Member

@shargon shargon Nov 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that it's better to construct this object inside the try/catch clause, it's possible to throw CryptographicException during cert.GetPublicKey()

erikzhang
erikzhang reviewed Nov 21, 2025
View reviewed changes
erikzhang
erikzhang reviewed Nov 21, 2025
View reviewed changes
Wi1l-B0t
Wi1l-B0t reviewed Nov 21, 2025
View reviewed changes
Wi1l-B0t
Wi1l-B0t reviewed Nov 21, 2025
View reviewed changes
@cschuchardt88
Copy link
Member

cschuchardt88 commented Nov 22, 2025
edited
Loading

I think that it's better to define the dns server, and make a dns query, instead of http query

DoH is very commom see https://www.rfc-editor.org/rfc/rfc8484.html

Can we follow rfc8484?

@github-actions github-actions bot added the N4 label Nov 26, 2025
vncoelho
vncoelho reviewed Nov 26, 2025
View reviewed changes
ajara87 and others added 6 commits November 30, 2025 17:15
@ajara87
Merge branch 'master' into feature/dns-doh
2b9f772
@ajara87
Merge branch 'master' into feature/dns-doh
55a5023
@Jim8y
Merge branch 'master' into feature/dns-doh
ba3ed0f
@Jim8y @Wi1l-B0t
Update plugins/OracleService/OracleSettings.cs
769f160 
Co-authored-by: Will <201105916+Wi1l-B0t@users.noreply.github.com>
@Jim8y @Wi1l-B0t
Update docs/oracle-dns-protocol.md
9071047 
Co-authored-by: Will <201105916+Wi1l-B0t@users.noreply.github.com>
@Jim8y
Update DNS oracle to RFC 8484 application/dns-message format
6ec4813 
- Replace application/dns-json with standard application/dns-message
- Implement DNS wire format (RFC 1035) for query/response encoding
- Use HTTP POST method per RFC 8484 specification
- Add DNS name compression pointer support
- Support user-specified authority in URI (dns://resolver/domain)
- Fix CryptographicException handling in BuildPublicKey
- Move Accept header to constructor
- Add comprehensive unit tests for wire format handling
- Add integration tests for Cloudflare, Google, and Quad9 DoH endpoints
- Update documentation with RFC 8484 compliance details
@Jim8y
Copy link
Contributor Author

Jim8y commented Dec 3, 2025

  • ✅ application/dns-json → application/dns-message (RFC 8484)
  • ✅ HTTP GET → HTTP POST
  • ✅ JSON parsing → DNS wire format (RFC 1035)
  • ✅ Support user-specified authority (dns://resolver/domain)
  • ✅ Fix CryptographicException handling in BuildPublicKey
  • ✅ Move Accept header to constructor
  • ✅ Integration tests covering Cloudflare, Google, Quad9

erikzhang
erikzhang reviewed Dec 3, 2025
View reviewed changes
cschuchardt88
cschuchardt88 previously approved these changes Dec 3, 2025
View reviewed changes
@vncoelho
Copy link
Member

vncoelho commented Dec 3, 2025
edited
Loading

@Jim8y, I found some issues during the way when trying to test it.
But, as I could see, it is at least running with success and understanding the basic conditions for the Oracle Service.

But I needed to fix some parsing errors due to docker versions on my tools.
The compiler had stop working.

Meanwhile, can you provide here examples of what to expect from the oracle calls in this PR, @Jim8y ?

I see that we could now do posting, is that correct?
So, let's create an example of a smart contract for that that parses an object to it. I will do this during this week.
If you already can provide it I will save some time.

erikzhang
erikzhang reviewed Dec 12, 2025
View reviewed changes
plugins/OracleService/OracleService.json
Comment on lines 15 to +19
"Timeout": 15000
},
"Dns": {
"EndPoint": "https://cloudflare-dns.com/dns-query",
"TimeoutMilliseconds": 5000
Copy link
Member

@erikzhang erikzhang Dec 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

L15 and L19, one is Timeout and the other is TimeoutMilliseconds. It's best to keep them consistent.

Copy link
Member

@cschuchardt88 cschuchardt88 Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could use backups like google https://dns.google/resolve?name=google.com&type=A

cschuchardt88
cschuchardt88 reviewed Dec 16, 2025
View reviewed changes
plugins/OracleService/Protocols/OracleDnsProtocol.cs
if (response.Content.Headers.ContentLength.HasValue && response.Content.Headers.ContentLength > OracleResponse.MaxResultSize)
throw new ResponseTooLargeException();

using Stream stream = await response.Content.ReadAsStreamAsync(cancellation);
Copy link
Member

@cschuchardt88 cschuchardt88 Dec 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IO Pipelines would work better here, better buffering and memory management.

https://learn.microsoft.com/en-us/dotnet/standard/io/pipelines

cschuchardt88
cschuchardt88 reviewed Dec 17, 2025
View reviewed changes
@Wi1l-B0t
Copy link
Contributor

Wi1l-B0t commented Dec 17, 2025

UT Failed.

@shargon
Copy link
Member

shargon commented Dec 29, 2025

@Jim8y any progress with this?

@Jim8y @cschuchardt88
Update plugins/OracleService/OracleService.cs
5ee06cc 
Co-authored-by: Christopher Schuchardt <8141309+cschuchardt88@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@erikzhang erikzhang erikzhang left review comments

@Wi1l-B0t Wi1l-B0t Wi1l-B0t left review comments

@shargon shargon Awaiting requested review from shargon

@vncoelho vncoelho Awaiting requested review from vncoelho

@doubiliu doubiliu Awaiting requested review from doubiliu

+1 more reviewer

@cschuchardt88 cschuchardt88 cschuchardt88 left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

N4 Waiting for Manual Testing Waiting for Review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@Jim8y @erikzhang @shargon @cschuchardt88 @vncoelho @Wi1l-B0t @doubiliu @ajara87