Skip to content

Cronet DNS, DoH overrides to enable ECH from GreatFire Envoy #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: 138.0.7204.3
Choose a base branch
from
Open

Cronet DNS, DoH overrides to enable ECH from GreatFire Envoy #7

wants to merge 1 commit into from

Conversation

stevenmcdonald
Copy link
Owner

@stevenmcdonald stevenmcdonald commented Jun 12, 2025
edited
Loading

Who and why?

See the notes on: #5

DNS / DoH options

The goal of this feature was to enable ECH. To do that, we needed enable and configure the StandaloneResolver, and apply it to the context builder. We only need to override the dns_over_https_config for our purposes, that's what this patch does, though we could expose more of the net::DnsConfigOverrides options if that would be useful

Similar questions/comments to #5:

  • Does Google want this feature
  • This one uses experimental_options, would it be preferable as a param?
  • Specific this this one: Should we make more of the net::DnsConfigOverrides settable?

@stevenmcdonald stevenmcdonald changed the title Allow the caller to specify DNS DOH overrides used with the built in … DNS DOH overrides from GreatFire Envoy Jul 10, 2025
@stevenmcdonald stevenmcdonald changed the title DNS DOH overrides from GreatFire Envoy ECH, DNS, DoH overrides from GreatFire Envoy Jul 10, 2025
stevenmcdonald
stevenmcdonald commented Jul 10, 2025
View reviewed changes
components/cronet/url_request_context_config.cc
// Envoy does this
overrides.secure_dns_mode = net::SecureDnsMode::kSecure;

// This is a little silly, Dict -> JSON -> Dict
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was having type issues here, they are IIRC a base::DictValue and a base::Dict::Value which seem to not be exactly compatible. There's probably a more straightforward way to do the needed conversion, but this is what I did to get it working for now

@stevenmcdonald stevenmcdonald changed the title ECH, DNS, DoH overrides from GreatFire Envoy Cronet DNS, DoH overrides to enable ECH from GreatFire Envoy Jul 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@stevenmcdonald