proposal: x/net/dns/dnsmessage: add support for SVCB and HTTPS records #43790
This change adds support for SVCB and its sister HTTPS record types. The new type Param is used for both records and the parsing/packing is shared between them as both records are strictly identical on the wire. For golang/go#43790
Change https://golang.org/cl/284852 mentions this issue:

CC @iangudger

The SVCB and HTTPS record types are now in a published RFC: https://datatracker.ietf.org/doc/html/rfc9460
Any updates? Considering go1.23 supports ECH in crypto/tls, the final piece of the puzzle is supporting LookupSVCB/LookupHTTPS in the net resolver.
I'm working with @sftcd on implementing the TLSv1.3 ECH standard as widely as possible (https://defo.ie). We have implemented it in OpenSSL, and are following the boringssl How can I help make HTTPS RR support in Golang happen? None of the current team are Go coders, so we can't just jump in and implement it ourselves. We can consider paying qualified contractors to implement it. We can also support anyone who wants to take this on. Cloudflare has enabled ECH by default, so there will be many sites to test with.
@eighthave Currently I have my own implemented ECH client, it may be worth taking a look. https://github.com/phuslu/fastdns?tab=readme-ov-file#dns-client
I have prototypes for macOS/iOS, Linux and Android that queries an arbitrary resource record using the system resolver. It's Go code using cgo. Some observations:
The new API in https://go.dev/cl/284852 is:

```go
TypeSVCB  Type = 64
TypeHTTPS Type = 65

// SVCBResource parses a single SVCBResource.
//
// One of the XXXHeader methods must have been called before calling this
// method.
func (p *Parser) SVCBResource() (SVCBResource, error)

// HTTPSResource parses a single HTTPSResource.
//
// One of the XXXHeader methods must have been called before calling this
// method.
func (p *Parser) HTTPSResource() (HTTPSResource, error)

// SVCBResource adds a single SVCBResource.
func (b *Builder) SVCBResource(h ResourceHeader, r SVCBResource) error

// HTTPSResource adds a single HTTPSResource.
func (b *Builder) HTTPSResource(h ResourceHeader, r HTTPSResource) error

// An SVCBResource is an SVCB Resource record.
type SVCBResource struct {
	Priority uint16
	Target   Name
	Params   []Param
}

type ParamKey uint16

const (
	ParamMandatory     ParamKey = 0
	ParamALPN          ParamKey = 1
	ParamNoDefaultALPN ParamKey = 2
	ParamPort          ParamKey = 3
	ParamIPv4Hint      ParamKey = 4
	ParamECHConfig     ParamKey = 5
	ParamIPv6Hint      ParamKey = 6
)

// String implements fmt.Stringer.String.
func (t ParamKey) String() string

// GoString implements fmt.GoStringer.GoString.
func (t ParamKey) GoString() string

type Param struct {
	Key   ParamKey
	Value []byte
}

func (p Param) GoString() string

// GoString implements fmt.GoStringer.GoString.
func (r *SVCBResource) GoString() string

type HTTPSResource struct {
	Priority uint16
	Target   Name
	Params   []Param
}

// GoString implements fmt.GoStringer.GoString.
func (r *HTTPSResource) GoString() string
```
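Both record types carry the same RDATA (SvcPriority, an uncompressed TargetName, then SvcParams as key/length/value triples), which is why the CL shares their parsing and packing. The following is an added, standalone parser for that layout with the checks a resolver needs (truncation, compression pointers in TargetName, duplicate or unordered keys); it is not code from the CL or from x/net, and the names SvcParam, SVCB, UnpackSVCB and the sample bytes are my own constructions.

```go
package main

import "errors"

type SvcParam struct { // one SvcParamKey/SvcParamValue pair (RFC 9460, section 2.2)
	Key   uint16
	Value []byte
}
type SVCB struct { // RDATA layout shared by SVCB (type 64) and HTTPS (type 65)
	Priority uint16     // 0 = AliasMode, otherwise ServiceMode
	Target   string     // presentation form, e.g. "svc.example."
	Params   []SvcParam // wire order; keys must be unique and ascending
}

// sampleHTTPS is constructed test data: priority 1, target svc.example., alpn=h2 (key 1), port=443 (key 3).
var sampleHTTPS = []byte{0, 1, 3, 's', 'v', 'c', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 0, // SvcPriority, TargetName
	0, 1, 0, 3, 2, 'h', '2', 0, 3, 0, 2, 1, 0xBB} // SvcParams: key, length, value

// UnpackSVCB parses SVCB/HTTPS RDATA and rejects truncated fields, a compression
// pointer in TargetName (forbidden by RFC 9460) and duplicate or unordered keys.
func UnpackSVCB(rdata []byte) (r SVCB, err error) {
	// take consumes n bytes; on truncation it records the error and returns zeros.
	take := func(n int) []byte {
		if err != nil || n > len(rdata) {
			err = errors.New("svcb: truncated rdata")
			return make([]byte, n)
		}
		b := rdata[:n]
		rdata = rdata[n:]
		return b
	}
	u16 := func() int { b := take(2); return int(b[0])<<8 | int(b[1]) }
	r.Priority = uint16(u16())
	for n := int(take(1)[0]); n != 0 && err == nil; n = int(take(1)[0]) { // TargetName labels
		if n > 63 { // 0xC0.. would be a compression pointer, which SVCB forbids
			return r, errors.New("svcb: bad label length or compression pointer in TargetName")
		}
		r.Target += string(take(n)) + "."
	}
	if r.Target == "" {
		r.Target = "." // root: "not available" in AliasMode, the owner name in ServiceMode
	}
	for prev := -1; err == nil && len(rdata) > 0; {
		key, n := u16(), u16() // SvcParamKey, then SvcParamValue length
		if key <= prev {
			return r, errors.New("svcb: SvcParamKeys must be unique and ascending")
		}
		prev = key
		r.Params = append(r.Params, SvcParam{Key: uint16(key), Value: append([]byte(nil), take(n)...)})
	}
	return r, err
}
```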
Is there a reason for having separate It seems like it would be sufficient to have a
The new SVCB/HTTPS record has been added in iOS 14 and macOS 11. It would be handy to be able to parse them. The RFC is still a draft though.
https://tools.ietf.org/html/draft-ietf-dnsop-svcb-https-01