Unbound DNS over HTTPS Trouble

Jaap Akkerhuis jaap at NLnetLabs.nl
Thu Jun 17 18:47:21 UTC 2021

 "A. Schulze via Unbound-users" writes:

 > Am 17.06.21 um 20:02 schrieb Aaron D. Gifford:
 > >> Andreas
 > > Hmmm, I'm using the FreeBSD prebuilt package from their port system.  Let me see if I can find what libnghttp2 version it was built with. Ah, libnghttp2-1.43.0 is the FreeBSD prebuilt package it installed as a dependency.
 > ok, then maybe the developers @nlnetlabs may help ...

According to the RFC, https://datatracker.ietf.org/doc/html/rfc8484#section-5.2

	5.2.  HTTP/2

	   HTTP/2 [RFC7540] is the minimum RECOMMENDED version of HTTP for use
	   with DoH.

	   The messages in classic UDP-based DNS [RFC1035] are inherently
	   unordered and have low overhead.  A competitive HTTP transport needs
	   to support reordering, parallelism, priority, and header compression
	   to achieve similar performance.  Those features were introduced to
	   HTTP in HTTP/2 [RFC7540].  Earlier versions of HTTP are capable of
	   conveying the semantic requirements of DoH but may result in very
	   poor performance.

No point into not following this recommendation.


More information about the Unbound-users mailing list