0xERR0R / blocky

Fast and lightweight DNS proxy as ad-blocker for local network with many features
https://0xERR0R.github.io/blocky/
Apache License 2.0

Announce DoT/DoH address via _dns.resolver.arpa SVCB record (RFC 9642) #1537

Open lgrahl opened 2 weeks ago

lgrahl commented 2 weeks ago

RFC 9462 "Discovery of Designated Resolvers" added the possibility to discover an encrypted DNS server (DoH/DoT) via an SVCB record. This is great when announcing the DNS server via DHCP / Router Advertisements, allowing machines in the network to easily discover and upgrade to DoH/DoT without requiring the user to fiddle with configurations.

I tried adding an SVCB record for `_dns.resolver.arpa.` manually, but it turned out to be currently unsupported. https://github.com/miekg/dns already has support for SVCB records, so I assume this could be added easily?

But it would be better if blocky supported it out of the box, so that it can respond with the correct IP address for the interface the request came in from (if reachable on multiple networks).

adrianmace commented 2 weeks ago

When developing this feature, please consider the behaviour while running blocky inside a container (because the container IPv4/IPv6 will be different).