Page MenuHomePhabricator

Deploy Wikidough: Experimental DNS-over-HTTPS (DoH) public resolver
Open, MediumPublic

Description

This task tracks the deployment of Wikidough, a caching, recursive DNS-over-HTTPS resolver service.

It is currently an experiment and its use is discouraged until things are stable. If you still plan on using it, your help with the testing is appreciated, but please note that things may break and features may be deprecated at any time as we work towards finalizing this project.

Documentation for this project will be updated on the Wikitech page.

Details

ProjectBranchLines +/-Subject
operations/puppetproduction+13 -2
operations/puppetproduction+2 -2
operations/puppetproduction+31 -5
operations/puppetproduction+2 -0
operations/puppetproduction+6 -4
operations/puppetproduction+1 -0
operations/puppetproduction+2 -2
operations/puppetproduction+80 -32
operations/puppetproduction+10 -5
operations/puppetproduction+6 -0
operations/puppetproduction+16 -5
operations/puppetproduction+6 -6
operations/puppetproduction+2 -2
operations/puppetproduction+26 -0
operations/puppetproduction+7 -1
operations/puppetproduction+3 -0
operations/puppetproduction+61 -18
operations/puppetproduction+2 -2
operations/puppetproduction+8 -0
operations/puppetproduction+6 -0
operations/puppetproduction+2 -0
operations/puppetproduction+20 -21
operations/puppetproduction+36 -15
operations/puppetproduction+6 -2
operations/puppetproduction+3 -3
operations/puppetproduction+60 -15
operations/puppetproduction+18 -4
operations/puppetproduction+15 -4
operations/puppetproduction+7 -0
operations/puppetproduction+9 -1
operations/puppetproduction+23 -5
operations/puppetproduction+5 -0
operations/puppetproduction+55 -1
operations/puppetproduction+7 -0
operations/puppetproduction+1 -0
operations/puppetproduction+15 -1
Show related patches Customize query in gerrit

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes

Change 599045 merged by Ssingh:
[operations/puppet@production] dnsdist: add parameter to limit number of queries

https://gerrit.wikimedia.org/r/599045

Change 599063 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] wikidough: allow traffic to tcp/443 (DoH port)

https://gerrit.wikimedia.org/r/599063

Change 599063 merged by Ssingh:
[operations/puppet@production] wikidough: allow traffic to tcp/443 (DoH port)

https://gerrit.wikimedia.org/r/599063

Change 599390 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] dnsdist: allow DoT (DNS-over-TLS)

https://gerrit.wikimedia.org/r/599390

Change 599390 merged by Ssingh:
[operations/puppet@production] dnsdist: allow DoT (DNS-over-TLS)

https://gerrit.wikimedia.org/r/599390

Change 599958 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] dnsdist: add a parameter to use dnsdist's packet cache

https://gerrit.wikimedia.org/r/599958

Change 599958 merged by Ssingh:
[operations/puppet@production] dnsdist: add a parameter to use dnsdist's packet cache

https://gerrit.wikimedia.org/r/599958

Change 601727 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] dnsdist: add parameters for TLS configuration

https://gerrit.wikimedia.org/r/601727

Change 601727 merged by Ssingh:
[operations/puppet@production] dnsdist: add parameters for TLS configuration

https://gerrit.wikimedia.org/r/601727

Change 601782 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] dnsdist: update the configuration file template (improves 48144c89)

https://gerrit.wikimedia.org/r/601782

Change 601782 merged by Ssingh:
[operations/puppet@production] dnsdist: update the configuration file template (improves 48144c89)

https://gerrit.wikimedia.org/r/601782

Change 601796 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] dnsdist: add a parameter for setting addDOHLocal's base URL

https://gerrit.wikimedia.org/r/601796

Change 601796 merged by Ssingh:
[operations/puppet@production] dnsdist: add a parameter for setting addDOHLocal's base URL

https://gerrit.wikimedia.org/r/601796

Change 602406 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] dnsdist: allow access to control socket

https://gerrit.wikimedia.org/r/602406

Change 602406 merged by Ssingh:
[operations/puppet@production] dnsdist: allow access to control socket

https://gerrit.wikimedia.org/r/602406

Change 603982 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] wikidough: update profile to use a single recursor

https://gerrit.wikimedia.org/r/603982

Change 603982 merged by Ssingh:
[operations/puppet@production] wikidough: update profile to use a single recursor

https://gerrit.wikimedia.org/r/603982

Change 604075 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] dnsrecursor: make forward-zones and edns-subnet-whitelist optional

https://gerrit.wikimedia.org/r/604075

Change 604356 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] dnsdist: set default provider (TLS library) for DoT

https://gerrit.wikimedia.org/r/604356

Change 604356 merged by Ssingh:
[operations/puppet@production] dnsdist: set default provider (TLS library) for DoT

https://gerrit.wikimedia.org/r/604356

Change 604075 merged by Ssingh:
[operations/puppet@production] dnsrecursor: make forward-zones and edns-subnet-whitelist optional

https://gerrit.wikimedia.org/r/604075

Change 604452 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] wikidough: set up the pdns-recursor

https://gerrit.wikimedia.org/r/604452

Change 604452 merged by Ssingh:
[operations/puppet@production] wikidough: set up the pdns-recursor

https://gerrit.wikimedia.org/r/604452

Change 604795 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] dnsdist: update the queries per second limit

https://gerrit.wikimedia.org/r/604795

Change 604795 merged by Ssingh:
[operations/puppet@production] dnsdist: update the queries per second limit

https://gerrit.wikimedia.org/r/604795

Change 606459 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] dnsdist: add parameter for web server configuration

https://gerrit.wikimedia.org/r/606459

Change 606459 merged by Ssingh:
[operations/puppet@production] dnsdist: add parameter for web server configuration

https://gerrit.wikimedia.org/r/606459

Change 607012 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] wikidough: add comment about private data

https://gerrit.wikimedia.org/r/607012

Change 607012 merged by Ssingh:
[operations/puppet@production] wikidough: add comment about private data

https://gerrit.wikimedia.org/r/607012

Change 607301 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] prometheus: add wikidough statistics

https://gerrit.wikimedia.org/r/607301

Change 607368 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] wikidough: update dnsdist web server listen address

https://gerrit.wikimedia.org/r/607368

Change 607368 merged by Ssingh:
[operations/puppet@production] wikidough: update dnsdist web server listen address

https://gerrit.wikimedia.org/r/607368

Change 607301 merged by Ssingh:
[operations/puppet@production] prometheus: add wikidough statistics

https://gerrit.wikimedia.org/r/607301

Change 607772 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] prometheus: use the correct password for the wikidough job

https://gerrit.wikimedia.org/r/607772

Change 607772 merged by Ssingh:
[operations/puppet@production] prometheus: use the correct password for the wikidough job

https://gerrit.wikimedia.org/r/607772

Change 608299 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] wikidough: update firewall rules

https://gerrit.wikimedia.org/r/c/operations/puppet/ /608299

Change 608299 merged by Ssingh:
[operations/puppet@production] wikidough: update firewall rules

https://gerrit.wikimedia.org/r/c/operations/puppet/ /608299

jijiki added a subscriber: jijiki.Jul 13 2020, 5:35 PM

Change 613187 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] dnsdist: reload the certificates instead of restarting the service

https://gerrit.wikimedia.org/r/613187

Change 613643 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] dnsdist: add a parameter to set the size of the ring buffers

https://gerrit.wikimedia.org/r/613643

Change 613187 merged by Ssingh:
[operations/puppet@production] dnsdist: reload the certificates instead of restarting the service

https://gerrit.wikimedia.org/r/613187

Change 613643 merged by Ssingh:
[operations/puppet@production] dnsdist: add a parameter to set the size of the ring buffers

https://gerrit.wikimedia.org/r/613643

Change 615531 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] wikidough: enable support for EDNS Client Subnet

https://gerrit.wikimedia.org/r/615531

Change 615531 merged by Ssingh:
[operations/puppet@production] wikidough: enable support for EDNS Client Subnet

https://gerrit.wikimedia.org/r/615531

Change 616067 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] wikidough: set TLSv1.2 as the minimum version for DoT

https://gerrit.wikimedia.org/r/616067

Change 616067 merged by Ssingh:
[operations/puppet@production] wikidough: set TLSv1.2 as the minimum version for DoT

https://gerrit.wikimedia.org/r/616067

Change 618127 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] dnsdist: update value for IP rate-limiting

https://gerrit.wikimedia.org/r/618127

Change 618127 merged by Ssingh:
[operations/puppet@production] dnsdist: update value for IP rate-limiting

https://gerrit.wikimedia.org/r/618127

Change 618349 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] aptrepo: add a component for pdns-recursor

https://gerrit.wikimedia.org/r/618349

Change 618349 merged by Ssingh:
[operations/puppet@production] aptrepo: add a component for pdns-recursor

https://gerrit.wikimedia.org/r/618349

Mentioned in SAL (#wikimedia-operations) [2020-08-04T18:55:17Z] <sukhe> upload pdns-recursor_4.3.3-1~deb10u1 to apt.wm.o (buster) - T252132

Change 618591 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] wikidough: enable QNAME minimisation for the dnsrecursor module

https://gerrit.wikimedia.org/r/618591

Change 618591 merged by Ssingh:
[operations/puppet@production] wikidough: enable QNAME minimisation for the dnsrecursor module

https://gerrit.wikimedia.org/r/618591

Change 620730 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] wikidough: increase TCP connection limits for dnsrecursor

https://gerrit.wikimedia.org/r/620730

Change 620730 merged by Ssingh:
[operations/puppet@production] wikidough: increase TCP connection limits for dnsrecursor

https://gerrit.wikimedia.org/r/620730

Change 623630 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] wikidough: add an option to set the landing page

https://gerrit.wikimedia.org/r/623630

Change 623630 merged by Ssingh:
[operations/puppet@production] wikidough: add an option to set the landing page

https://gerrit.wikimedia.org/r/623630

Mentioned in SAL (#wikimedia-operations) [2020-09-23T16:37:23Z] <sukhe> upload dnsdist_1.4.0-1~deb10u2 to apt.wm.o (buster) - T252132

Change 629434 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] hieradata: update preferred cipher suite order for Wikidough

https://gerrit.wikimedia.org/r/629434

Change 629434 merged by Ssingh:
[operations/puppet@production] hieradata: update preferred cipher suite order for Wikidough

https://gerrit.wikimedia.org/r/629434

Change 632735 had a related patch set uploaded (by Ssingh; owner: Ssingh):
[operations/puppet@production] wikidough: enable OCSP stapling in dnsdist

https://gerrit.wikimedia.org/r/632735

Change 632735 merged by Ssingh:
[operations/puppet@production] wikidough: enable OCSP stapling in dnsdist

https://gerrit.wikimedia.org/r/632735

jbond added a subscriber: jbond.Oct 28 2020, 10:45 AM