daemon/http: documentation

5fd1b876 · Oto Šťáva · Vladimír Čunát · d226f7d1 · 5fd1b876 · 5fd1b876
Verified Commit 5fd1b876 authored 2 years ago by Oto Šťáva Committed by Vladimír Čunát 2 years ago
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,7 @@ Knot Resolver 5.5.1 (2022-mm-dd)
 Improvements
 ------------
 - daemon/tls: disable TLS resumption via tickets for TLS <= 1.2 (#742, !1295)
+- daemon/http: DoH now responds with proper HTTP codes (#728, !1279)

 Bugfixes
 --------

--- a/daemon/bindings/net_tlssrv.rst
+++ b/daemon/bindings/net_tlssrv.rst
@@ -68,6 +68,28 @@ additional considerations for TLS 1.2 required by HTTP/2 are not implemented

 .. _dot-doh-config-options:

+HTTP status codes
+"""""""""""""""""
+
+As specified by :rfc:`8484`, the resolver responds with status **200 OK** whenever 
+it can produce a valid DNS reply for a given query, even in cases where the DNS
+``rcode`` indicates an error (like ``NXDOMAIN``, ``SERVFAIL``, etc.).
+
+For DoH queries malformed at the HTTP level, the resolver may respond with
+the following status codes:
+
+ * **400 Bad Request** for a generally malformed query, like one not containing
+   a valid DNS packet
+ * **404 Not Found** when an incorrect HTTP endpoint is queried - the only 
+   supported ones are ``/dns-query`` and ``/doh``
+ * **413 Payload Too Large** when the DNS query exceeds its maximum size
+ * **415 Unsupported Media Type** when the query's ``Content-Type`` header
+   is not ``application/dns-message``
+ * **431 Request Header Fields Too Large** when a header in the query is too
+   large to process
+ * **501 Not Implemented** when the query uses a method other than
+   ``GET``, ``POST``, or ``HEAD``
+
 Configuration options for DoT and DoH
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^