Feature request: support for SVCB and HTTPS dns records #5
Comments
|
Sorry it took some time to look at this. If that's still relevant - can you provide examples or problematic sites to see edge cases? Should be quite easy to add |
|
Sure, please take a look for: `;; ANSWER SECTION: www.rutracker.org. 300 IN HTTPS 1 . alpn="h3,h3-29,h2" ipv4hint=104.21.72.173,172.67.187.38 ipv6hint=2606:4700:3033::6815:48ad,2606:4700:3034::ac43:bb26` www.bbc.com - I've got only CNAME with no full resolve to A record www.bbc.com. 28589 IN CNAME www.bbc.com.pri.bbc.com. I have no examples for SVCB records but looks like Chrome doesn't request them. More examples can be found in https://datatracker.ietf.org/doc/draft-ietf-dnsop-svcb-https/12/ paragraph 10.4 Also looks like Chrome asks HTTPS record for returned CNAME so it can be nested somehow: ;; ANSWER SECTION: I can see request for |
|
Well, I guess the case with The case with only CNAMEs and no A record in a reply chain is harder since either we need to do our resolving, or cache the original domain and last CNAME target in the chain and wait for the client to request it subsequently and then store original domain -> IP mapping. It shouldn't be hard but would require some work to implement the cache etc |
|
Ok, bbc case is just wrong since it returns the same answer for any query, not only HTTPS. The only case is when you request A it returns A records along and only CNAMEs for all others. |
|
Agree, but such operation can be found on others CDNs. Response to HTTPS request shouldn't return A record. |
Response to IN HTTPS should be only HTTPS RR, not CNAME I think. At least going thru RFC gave me that impression. |
|
Looks you are right, Chrome performs A and AAAA queries for www.bbc.com and ignores CNAME response. Followup Queries If Chrome receives an HTTPS alias record, but a record for the alias target is not included in the same response, Chrome will need to make an additional round of A/AAAA/HTTPS queries for the alias target name. To avoid any issues with loops or poor performance from chains, Chrome will only make one such round of followup. If more are needed, Chrome will behave as if the HTTPS records do not exist and will use the data from the original A/AAAA records alone (ignoring any A/AAAA results from the first followup query). Note that the potential for multiple alias followups should only come from successive chain links because splitting aliases at the same level are disallowed (spec states to pick one at random if it happens). If Chrome receives a compatible HTTPS service record with a different service name than the query name, but no address hints are given, Chrome will need to make additional A/AAAA queries (but not an HTTPS query). In theory, Chrome could attempt such followups for all compatible service records, but for simplicity/performance, Chrome will only allow one such followup (possible exception for cache-only followups) per host resolution job, choosing the highest priority service record based on protocol and weight. |
SVCB, HTTPSSVC, and ALTSVC DNS records are introduced by IETF draft - https://datatracker.ietf.org/doc/draft-ietf-dnsop-svcb-https/11/
Chrome started to use HTTPS record type, more info can be found here - https://docs.google.com/document/d/1k461sRbddjDGj7Q8f-ZKHZvmB-ENUWSdX_3Fpp2dmXQ/edit?usp=sharing
Please add support for SVCB (type 64) and HTTPS (type 65) records.
ipv4hint and ipv6hint can be added directly from a response but CNAME requires special processing and data structure change.
I’ve got issues with bbc cdn in case when HTTPS record returns CNAME which can be resolved in multiple addresses but A record return only one.
The text was updated successfully, but these errors were encountered: