BeryJu / gravity

Fully-replicated DNS and DHCP Server with ad-blocking powered by etcd
https://gravity.beryju.io
GNU General Public License v3.0

FR: Support HTTPS DNS records #1335

Open miguelangel-nubla opened 22 hours ago

miguelangel-nubla commented 22 hours ago

Cloudflare uses these new HTTPS records to speed up TLS, and at least Chrome-based browsers are starting to use them.

In my particular use case I override a specific subdomain for local-only use, local.mydomain.tld: overridden A and AAAA records point to a local IP on my network. This has been working fine for years. Now the browser is asking for the HTTPS record instead, which gets forwarded to Cloudflare DNS upstream and returns the public, external IP address, breaking local connections intermittently.

miguelangel-nubla commented 21 hours ago

For anyone else in the same boat, hook workaround:

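// Runs after the DNS response has been built; strips HTTPS records from it.
function onDNSRequestAfter(request, response) {
    for (let i = 0; i < response.Answer.length; i++) {
        const rr = response.Answer[i];
        const header = rr.Header();

        // RR type 65 is HTTPS; mark those answers for removal.
        if (header && header.Rrtype === 65) {
            response.Answer[i] = null;
        }
    }

    // Drop the marked entries so only non-HTTPS answers are returned.
    response.Answer = response.Answer.filter(rr => rr !== null);
}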
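A narrower variant of the hook above, added here as an example and not part of the original comment or of the gravity project: it drops HTTPS (type 65) answers only for names inside the locally overridden zone, so HTTPS records for every other domain still pass through. It assumes the answer header also exposes a `Name` field holding the owner name; `LOCAL_ZONES`, `filterAnswers`, `fakeRR` and `demo` are hypothetical names, and the sample records are constructed.

```javascript
// Added example; LOCAL_ZONES is a constructed placeholder list.
const TYPE_HTTPS = 65; // HTTPS RR type number (RFC 9460)
const LOCAL_ZONES = ["local.mydomain.tld"];

// Normalise a DNS owner name: lower-case, no trailing dot.
function canonical(name) {
    return String(name || "").toLowerCase().replace(/\.$/, "");
}

// True when name equals a zone or is a subdomain of it (label-boundary match).
function inLocalZone(name, zones) {
    const n = canonical(name);
    return zones.some(z => {
        const zone = canonical(z);
        return n === zone || n.endsWith("." + zone);
    });
}

// Returns the answers to keep: everything except HTTPS records in local zones.
function filterAnswers(answers, zones) {
    return (answers || []).filter(rr => {
        const header = rr && rr.Header ? rr.Header() : null;
        if (!header) return true;
        // Assumption: header.Name carries the record's owner name.
        return !(header.Rrtype === TYPE_HTTPS && inLocalZone(header.Name, zones));
    });
}

// Hook entry point, same signature as in the comment above.
function onDNSRequestAfter(request, response) {
    response.Answer = filterAnswers(response.Answer, LOCAL_ZONES);
}

// Constructed sample records standing in for the resolver's answer objects.
function fakeRR(name, rrtype) {
    return { Header: () => ({ Name: name, Rrtype: rrtype }) };
}
function demo() {
    const response = { Answer: [
        fakeRR("Local.MyDomain.tld.", 65),      // dropped: overridden name
        fakeRR("app.local.mydomain.tld.", 65),  // dropped: subdomain of it
        fakeRR("notlocal.mydomain.tld.", 65),   // kept: different label
        fakeRR("local.mydomain.tld.", 1),       // kept: A record
    ] };
    onDNSRequestAfter({}, response);
    return response.Answer.map(rr => rr.Header().Name + "/" + rr.Header().Rrtype);
}
```

Matching on a label boundary keeps a look-alike name such as notlocal.mydomain.tld out of the filter, and an emptied answer section leaves the client to fall back to the overridden A and AAAA records.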