After a lengthy iteration, we are finally launching our v2 DNS resolver, incorporating hundreds of fixes and improvements. Tenta DNS at its core, is about 3 things, speed, precision and privacy, this is why besides the standard tcp, and udp protocols, we support DNS-over-TLS and DNS-over-HTTPS. What we have learned from the first iteration, we perfected in this one, Tenta DNS has always-on DNSSEC validation, a more robust handling of the occasional implementation inconsistencies, and a caching subsystem tailored specifically for a DNS resolver, finally, our DNS-over-TLS service is active (albeit, probably unused in the vast majority of cases) during upstream queries too.
To use DNS-over-HTTPS, we have set up 2 domains, https://opennic.tenta.io/dns-query and https://iana.tenta.io/dns-query, which use OpenNIC and ICANN root servers, respectively.
The querying works in a REST API fashion, it takes 2 arguments name
and type
(eg: https://opennic.tenta.io/dns-query?name=example.com&type=A) and provides an answer in JSON format.
We opted for a simplified JSON API approach to DoH, because it removes the difficulty of including DNS queries into lightweight applications.
Our response format for DoH queries is as follows:
Status: integer; analogous to classic DNS message's RCODE
TC, RD, RA, AD, CD: boolean; relevant flags describing the nature of the DNS response, same as in a classic DNS message
Question: structure (string, integer), describing the queried name, and the queried type
Answer, Authority, Additional: array of structures (string, integer, integer, string); describing every DNS records name, type, and TTL value and their record-specific data.
An example response (to the example request) is
{
"Status":0,
"TC":false,
"RD":true,
"RA":true,
"AD":false,
"CD":false,
"Question":[
{"Name":"example.com","Type":1}],
"Answer":[
{"Name":"example.com.","Type":1,"TTL":86400,"Data":"93.184.216.34"},
{"Name":"example.com.","Type":46,"TTL":86400,"Data":"A 8 2 86400 20180627015845 20180606075626 4354 example.com. gpgx3XIhF4XZg5Nw0eo7TmCD1zfKX9YtMq9PuSh3eAc4fJrvyS/VWy2bz/KYhgiXQe6PvtOLZbgTT2O9knkHIlAsmnznEowSrgWYaCkkkNnoC8Ii1Ikg87PCZ7FffTposk/4HRG6yXZlo9+++YZAfAC0cc9FFYpQXqxVLf9/aDQ="}]
}