DNS-based rendezvous for Snowflake
From legacy/trac#25594 (moved): An idea to use DNS over HTTPS: https://groups.google.com/forum/#!topic/traffic-obf/ZQohlnIEWM4
The circumvention idea is to take any existing DNS tunneling scheme and send it through DNS over HTTPS. To be a bit more specific: you send recursive DNS queries (encoding your upstream traffic) to the DNS-over-HTTPS server, which then forwards the queries to another specialized server that decodes them and proxies the data they contain.
Even if not a general-purpose transport, DNS-over-HTTPS could be an ideal rendezvous mechanism for a system like Snowflake or Moat. One where you only need to send/receive a small amount of very hard-to-block data in order to bootstrap a connection.
The way I see it, there are two parts of this:
- Using DNS as an underlying transport: the client sends a DNS request containing its encoded offer; the broker sends back a DNS response containing an encoded proxy answer.
- Sending via DNS-over-HTTPS in order to avoid blocking of the DNS messages themselves.