[Feature Request] Add QUIC Support to 1.22.0+ Images #192

Open
ds-sebastian opened this issue Oct 19, 2024 · 0 comments

Is your feature request related to a problem? Please describe.
The current Unbound Docker image lacks support for DNS-over-QUIC (DoQ), which was introduced in Unbound 1.22.0.

Currently I get
warning: /opt/unbound/etc/unbound/unbound.conf:60: Unbound is not compiled with ngtcp2. This is required to use DNS over QUIC.

Describe the solution you'd like
Update the existing Dockerfile to include QUIC support by default, modifying the build process to include necessary dependencies and compile Unbound with QUIC support.

Describe alternatives you've considered

  1. Separate QUIC-enabled image
  2. Build-time arguments for optional QUIC support

Additional context
Relevant Unbound Documentation

Implementation ideas for the existing Dockerfile:

  1. Update the OpenSSL stage:

    FROM debian:bookworm AS openssl
    # ... (existing setup) ...
    ENV VERSION_OPENSSL=openssl-3.0.10+quic
    ENV SHA256_OPENSSL=<updated_sha256_for_quic_version>
    ENV SOURCE_OPENSSL=https://github.com/quictls/openssl/archive/refs/tags/
    # ... (rest of the stage) ...
    RUN ./config enable-tls1_3 no-shared threads --prefix=/opt/openssl

  2. Add a new stage for ngtcp2 after the OpenSSL stage:

    FROM debian:bookworm AS ngtcp2
    WORKDIR /tmp/src
    COPY --from=openssl /opt/openssl /opt/openssl
    RUN apt-get update && apt-get install -y build-essential curl git autoconf automake libtool pkg-config
    RUN git clone --depth 1 -b v0.19.1 https://github.com/ngtcp2/ngtcp2
    WORKDIR /tmp/src/ngtcp2
    RUN autoreconf -i
    RUN ./configure PKG_CONFIG_PATH=/opt/openssl/lib/pkgconfig LDFLAGS="-Wl,-rpath,/opt/openssl/lib" --prefix=/opt/ngtcp2
    RUN make -j$(nproc) && make install

  3. Modify the Unbound stage:

    • Copy from the ngtcp2 stage:
      COPY --from=ngtcp2 /opt/ngtcp2 /opt/ngtcp2
    • Update configure command:
      RUN ./configure \
          --disable-dependency-tracking \
          --prefix=/opt/unbound \
          --with-pthreads \
          --with-username=_unbound \
          --with-ssl=/opt/openssl \
          --with-libevent \
          --with-libnghttp2 \
          --with-libngtcp2=/opt/ngtcp2 \
          --enable-dnstap \
          --enable-tfo-server \
          --enable-tfo-client \
          --enable-event-api \
          --enable-subnet

  4. Add QUIC port to EXPOSE directive:

    EXPOSE 853/udp
@ds-sebastian ds-sebastian changed the title Add QUIC Support to 1.22.0 Image [Feature Request] Add QUIC Support to 1.22.0+ Images Nov 14, 2024
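A build-time gate for the steps proposed above, as an added example that is not part of the issue or of the project's Dockerfile: it fails the build when the Unbound binary was configured without `--with-libngtcp2` or when config checking emits the warning quoted in the issue. The function names and sample texts are constructed for illustration, and the `Configure line:` prefix of `unbound -V` output is assumed.

```shell
#!/bin/sh
# Added example: verify that an Unbound build really has DoQ compiled in.
# In an image build it would be wired up roughly as:
#   doq_gate "$(unbound -V)" \
#            "$(unbound-checkconf /opt/unbound/etc/unbound/unbound.conf 2>&1)"

# Warning text quoted in the issue, matched as a fixed substring.
DOQ_WARNING='Unbound is not compiled with ngtcp2'

# Constructed samples (not captured from a real build).
SAMPLE_PLAIN_V='Version 1.22.0

Configure line: --prefix=/opt/unbound --with-ssl=/opt/openssl --with-libnghttp2'
SAMPLE_DOQ_V='Version 1.22.0

Configure line: --prefix=/opt/unbound --with-ssl=/opt/openssl --with-libngtcp2=/opt/ngtcp2'
SAMPLE_WARN='warning: /opt/unbound/etc/unbound/unbound.conf:60: Unbound is not compiled with ngtcp2. This is required to use DNS over QUIC.'

# has_ngtcp2_configure VERSION_TEXT
# True only when the "Configure line:" itself carries --with-libngtcp2.
has_ngtcp2_configure() {
    printf '%s\n' "$1" | grep '^Configure line:' | grep -q -e '--with-libngtcp2'
}

# has_doq_warning CHECKCONF_TEXT
# True when the config check reported the missing-ngtcp2 warning.
has_doq_warning() {
    printf '%s\n' "$1" | grep -qF "$DOQ_WARNING"
}

# doq_gate VERSION_TEXT CHECKCONF_TEXT
# Prints a verdict; returns 0 only when both signals agree DoQ is usable.
doq_gate() {
    if has_doq_warning "$2"; then
        echo "FAIL: config enables QUIC but the binary lacks ngtcp2"
        return 1
    fi
    if ! has_ngtcp2_configure "$1"; then
        echo "FAIL: configure line lacks --with-libngtcp2"
        return 1
    fi
    echo "OK: DoQ support compiled in"
}

# Demo on the constructed samples; the first call is expected to fail.
doq_gate "$SAMPLE_PLAIN_V" "$SAMPLE_WARN" || true
doq_gate "$SAMPLE_DOQ_V" ""
```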