
--doh-url does not respect --interface

Open iainnicol opened this issue 3 years ago • 3 comments

I did this

curl --doh-url="https://cloudflare-dns.com/dns-query" --resolve="cloudflare-dns.com:443:1.1.1.1" https://www.bbc.co.uk --interface=10.0.0.1

I expected the following

I think the DNS over HTTPS request to Cloudflare should be routed over the interface 10.0.0.1. This is not the actual behaviour. Instead, the default interface is used.

I also expect the HTTPS connection to the BBC to be routed over the interface 10.0.0.1. Here my expectation matches the actual behaviour.

The combination of these two facts is not ideal. DNS requests can essentially 'leak' over a different interface, which e.g. isn't ideal if a VPN is being used.

It's worth remembering curl also has the following flags: --dns-interface, --dns-ipv4-addr, --dns-ipv6-addr. However, these do not have an effect either, being used for traditional DNS protocol lookups. Given that the DoH query can inherit some of the main SSL settings, hopefully you'll agree it's reasonable for the DoH query to inherit --interface as well.

curl/libcurl version

7.86.0

operating system

OpenWRT snapshot (Linux kernel 5.15.80)

iainnicol Dec 14 '22 00:12
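As an added check that is not part of the report or of curl itself: the leak described above can be confirmed from a system-call trace of the curl run, by pairing each connect() with the bind() or SO_BINDTODEVICE that preceded it on the same descriptor. The script below assumes the trace was produced with `strace -f -e trace=bind,connect,setsockopt,close -o trace.txt curl ...` and parses strace's line format; the embedded trace is a constructed sample shaped after the command in the report (1.1.1.1 is the resolver pinned by --resolve, 10.0.0.1 the wanted source address, and 151.101.0.81 is an assumed stand-in for www.bbc.co.uk).

```python
import re
from typing import Dict, List, NamedTuple, Optional, Set

# Constructed sample trace (assumption: shaped like strace -f -o output for the
# reported command). The DoH sockets (fd 5 and 6) reach 1.1.1.1:443 without any
# bind(); only the BBC socket (fd 7) is bound to 10.0.0.1 first.
SAMPLE_TRACE = """\
2041 connect(5, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("1.1.1.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
2041 connect(6, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("1.1.1.1")}, 16) = -1 EINPROGRESS (Operation now in progress)
2041 bind(7, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("10.0.0.1")}, 16) = 0
2041 connect(7, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("151.101.0.81")}, 16) = -1 EINPROGRESS (Operation now in progress)
"""


class Connection(NamedTuple):
    fd: int
    dest: str
    port: int
    bound_to: Optional[str]  # source address or device name the socket was bound to; None if unbound
    is_doh: bool             # destination is one of the configured DoH resolver addresses


# strace -f prefixes each line with the pid/tid; -o without -f does not, so the prefix is optional.
_PID = r"^(?:\d+\s+)?"
# IPv4 addresses are printed as inet_addr("..."), IPv6 as inet_pton(AF_INET6, "...", &sin6_addr).
_ADDR = r'(?:inet_addr\("(?P<a4>[^"]+)"\)|inet_pton\(AF_INET6, "(?P<a6>[^"]+)")'
_BIND_RE = re.compile(_PID + r"bind\((?P<fd>\d+), \{.*?" + _ADDR)
_CONNECT_RE = re.compile(_PID + r"connect\((?P<fd>\d+), \{.*?sin6?_port=htons\((?P<port>\d+)\).*?" + _ADDR)
_BINDDEV_RE = re.compile(_PID + r'setsockopt\((?P<fd>\d+), SOL_SOCKET, SO_BINDTODEVICE, "(?P<dev>[^"\\]+)')
_CLOSE_RE = re.compile(_PID + r"close\((?P<fd>\d+)\)")


def audit_trace(trace: str, doh_addrs: Set[str]) -> List[Connection]:
    """Walk the trace in order and record, for every connect(), what the socket was bound to."""
    bound: Dict[int, str] = {}  # fd -> source address or device name
    conns: List[Connection] = []
    for line in trace.splitlines():
        m = _BIND_RE.match(line)
        if m:
            bound[int(m["fd"])] = m["a4"] or m["a6"]
            continue
        m = _BINDDEV_RE.match(line)
        if m:
            bound[int(m["fd"])] = m["dev"]
            continue
        m = _CONNECT_RE.match(line)
        if m:
            fd = int(m["fd"])
            dest = m["a4"] or m["a6"]
            conns.append(Connection(fd, dest, int(m["port"]), bound.get(fd), dest in doh_addrs))
            continue
        m = _CLOSE_RE.match(line)
        if m:
            # Descriptor numbers are reused after close(); forget the old binding.
            bound.pop(int(m["fd"]), None)
    return conns


def leaked_doh_connections(conns: List[Connection], expected_source: str) -> List[Connection]:
    """DoH connections that were not bound to the source the user asked for with --interface."""
    return [c for c in conns if c.is_doh and c.bound_to != expected_source]


if __name__ == "__main__":
    connections = audit_trace(SAMPLE_TRACE, {"1.1.1.1"})
    leaks = leaked_doh_connections(connections, "10.0.0.1")
    for c in connections:
        tag = "LEAK" if c in leaks else "ok"
        print(f"fd={c.fd} -> {c.dest}:{c.port} bound_to={c.bound_to} doh={c.is_doh} {tag}")
```

On the sample both DoH sockets are flagged and the BBC socket passes. Against a real run, read trace.txt into audit_trace() and pass the resolver addresses you pinned; the script also tracks SO_BINDTODEVICE so that, where curl binds by device name rather than by address, the interface name can be given as expected_source instead.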

I believe this is part of the known bug DoH does not inherit all transfer options.

DoH should perhaps be made to piggyback on --dns-interface rather than following --interface: it is easy to imagine use cases where the actual outgoing traffic is sent on a different interface than where DoH is used. For example if you have an internal DoH server or similar.

bagder Dec 14 '22 07:12

Thanks for the response.

I see in the other bug the explanation is that inheriting isn't always done because it might be counterintuitive, for example by closing handles too soon.

But it sounds like we agree it'd be sensible to inherit the --dns-interface/DNS bind IP settings. I guess I'll attempt a patch, then.

iainnicol Dec 14 '22 09:12

I guess I'll attempt a patch, then.

Please do!

bagder Dec 14 '22 09:12

Closing as this is a known issue.

bagder Jan 28 '23 10:01