Earlier I posted how to use Tor through my new DNS tunnel.
https://lists.torproject.org/pipermail/anti-censorship-team/2020-April/00008...
https://www.bamsoftware.com/software/dnstt/#proxy-tor
Here's a sketch of what development tasks would be needed to turn it into a proper pluggable transport. I estimate it would be about a GSoC's worth of work, though it's too late to be a GSoC project this year. It would be a good project for someone who wants experience with the mechanics of implementing a pluggable transport, using a circumvention component that's already working.
- Replace command-line interface with managed goptlib interface.
  - Client
      ClientTransportPlugin dns exec dns-client
      Bridge dns 192.0.2.4:1 FINGERPRINT domain=t.example.com doh=https://dns.example/dns-query pubkey=0000111122223333444455556666777788889999aaaabbbbccccddddeeeeffff
  - Server
      ServerTransportOptions dns mtu=1232
      ServerTransportPlugin dns exec ./dns-server
- Make the server generate a keypair on first run, store it in pt_state like obfs4proxy.
- Add uTLS to the client to disguise TLS fingerprint.
- Add ExtOrPort support to the server.
  - For USERADDR, choose a distinguished placeholder client address. See the last paragraph of https://lists.torproject.org/pipermail/metrics-team/2020-March/001142.html
- Bonus: Enhance the bridge configuration panel to enable configuring the resolver without kludges like "meek-google" and "meek-amazon".
  - Or ship with a list of resolvers and choose one at random.
I don't know whether a DNS transport is deployable by default like other transports, but it could be a good thing to have in reserve.
anti-censorship-team@lists.torproject.org
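
An added sketch (not code from dnstt, obfs4proxy, or the message above) of the "generate a keypair on first run, store it in pt_state" task, using only the Go standard library. It assumes the 64-hex-digit pubkey= value is a 32-byte X25519 public key and that the state directory (the one tor names in TOR_PT_STATE_LOCATION) already exists; the function name, the file name server.key, and the raw-bytes file format are made up for the example.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// LoadOrGenerateKey returns the server's X25519 private key, creating it in
// stateDir on first run. The key is stored as 32 raw bytes, owner-only.
func LoadOrGenerateKey(stateDir string) (*ecdh.PrivateKey, error) {
	path := filepath.Join(stateDir, "server.key") // file name made up for this example
	// O_EXCL makes creation atomic, so an existing key is never overwritten.
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
	if err == nil {
		defer f.Close()
		key, err := ecdh.X25519().GenerateKey(rand.Reader)
		if err == nil {
			_, err = f.Write(key.Bytes())
		}
		return key, err
	} else if !errors.Is(err, fs.ErrExist) {
		return nil, err
	}
	// Later runs: refuse a key file that other local users could read.
	if fi, err := os.Stat(path); err != nil {
		return nil, err
	} else if fi.Mode().Perm()&0077 != 0 {
		return nil, fmt.Errorf("%s: mode %o is too permissive", path, fi.Mode().Perm())
	}
	data, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	return ecdh.X25519().NewPrivateKey(data) // rejects anything but 32 bytes
}

func main() {
	dir, _ := os.MkdirTemp("", "pt_state") // stand-in for TOR_PT_STATE_LOCATION
	key, err := LoadOrGenerateKey(dir)
	if err != nil {
		panic(err)
	}
	fmt.Printf("pubkey=%x\n", key.PublicKey().Bytes()) // value for the Bridge line
}
```

A write that fails partway leaves a short file, which the next run rejects because of its length instead of silently replacing the key.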