feat(odoh): reject relay+target sharing an eTLD+1 #123

Merged
razvandimescu merged 1 commit from feat/odoh-etld1-check into main 2026-04-21 00:06:13 +08:00

1 Commits

Author SHA1 Message Date
Razvan Dimescu
193b38b85f feat(odoh): reject relay+target sharing an eTLD+1
Plain host-string equality caught the copy-paste-same-URL footgun but
let `r.cloudflare.com` + `odoh.cloudflare.com` through — two subdomains
of the same operator collapse ODoH to ordinary DoH. Add a second layer:
compare registrable domains via the PSL (`psl` crate) after the exact-
host check. Fails open on IP literals and unparseable hosts; the exact-
host check still runs in those cases.
2026-04-20 18:46:54 +03:00
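
The two-layer check the commit message describes, as an added example that is not the project's code: it swaps the `psl` crate for a small constructed suffix table so it runs with the standard library alone. The names `SUFFIXES`, `registrable`, `check_pair` and `Verdict` are hypothetical.

```rust
use std::net::IpAddr;

// Constructed stand-in for the Public Suffix List (assumption; the commit uses the `psl` crate).
const SUFFIXES: &[&str] = &["com", "org", "net", "uk", "co.uk", "github.io"];

#[derive(Debug, PartialEq)]
enum Verdict { Accept, SameHost, SameRegistrableDomain }

/// eTLD+1 of `host`; None for IP literals, malformed hosts, bare suffixes, unknown suffixes.
fn registrable(host: &str) -> Option<String> {
    let h = host.trim_end_matches('.').to_ascii_lowercase();
    let bare = h.trim_matches(|c: char| c == '[' || c == ']');
    if h.is_empty() || bare.parse::<IpAddr>().is_ok() || SUFFIXES.contains(&h.as_str()) {
        return None;
    }
    let labels: Vec<&str> = h.split('.').collect();
    if labels.iter().any(|l| l.is_empty()) {
        return None; // e.g. "relay..example.com"
    }
    // i = 1 tries the longest candidate suffix first, so the first hit is the longest match.
    for i in 1..labels.len() {
        if SUFFIXES.contains(&labels[i..].join(".").as_str()) {
            return Some(labels[i - 1..].join("."));
        }
    }
    None
}

/// Layer 1: exact host equality. Layer 2: registrable-domain equality.
fn check_pair(relay_host: &str, target_host: &str) -> Verdict {
    if relay_host.eq_ignore_ascii_case(target_host) {
        return Verdict::SameHost;
    }
    match (registrable(relay_host), registrable(target_host)) {
        (Some(a), Some(b)) if a == b => Verdict::SameRegistrableDomain,
        _ => Verdict::Accept, // fails open when either side has no registrable domain
    }
}

fn main() {
    for (r, t) in [("r.cloudflare.com", "odoh.cloudflare.com"),
                   ("alice.github.io", "bob.github.io"),
                   ("192.0.2.1", "192.0.2.2")] {
        println!("{r} + {t}: {:?}", check_pair(r, t));
    }
}
```

The `github.io` pair is accepted because a public suffix separates the two hosts into different registrable domains, which plain "last two labels" matching would get wrong.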