mydnshost / mydnshost-api

API Backend for mydnshost

Support for HTTPS/SVCB RR types #131

Closed csmith closed 3 years ago

csmith commented 3 years ago

https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-07 adds two new RR types.

The HTTPS one is particularly interesting as it effectively allows you to do HSTS for an entire domain using DNS, amongst lots of other bits and pieces.

csmith commented 3 years ago

Seems like bind support was added in 9.17.18 FWIW

csmith commented 3 years ago

HTTPS records can have ipv4hint and ipv6hint fields which suggest IPs to use to avoid another DNS query. PowerDNS can add these to records automatically, but I'm not sure bind does....

If it doesn't, it would be good if MyDNSHost did that explicitly ;)

ShaneMcC commented 3 years ago

API:
https://github.com/mydnshost/mydnshost-api-base/commit/c240222c95b3a34c270672167eb815c1ebdf0555
https://github.com/mydnshost/mydnshost-api-base/commit/d01df536a6b505d3ea22b2bd5f21d4aa2f5d4538
https://github.com/mydnshost/mydnshost-api-base/commit/02506d799b9615e028e32eba5ecfcd6aebb5e164
https://github.com/mydnshost/mydnshost-api-base/commit/cf6260a75d025738966784c88e093fee08fa0086
https://github.com/mydnshost/mydnshost-api-base/commit/335784e5490874d14988b94b11e916dc8cfb8e28

Frontend: https://github.com/mydnshost/mydnshost-frontend/commit/715958fa69113033dcaa525c12fbba1be0328ea6

Bind:
https://github.com/mydnshost/mydnshost-bind/commit/166a8ecfc264b3629f3deecd10ed770430f3c06a
https://github.com/mydnshost/mydnshost-bind/commit/dae54d2b56ef703aaa4bd9579fb16db464d54acd
https://github.com/mydnshost/mydnshost-infra/commit/20f1b2ac90df29ac2ef5b86f5c065fd271e6a873
https://github.com/mydnshost/mydnshost-infra/commit/d485af8867751845596068593ab68aa77a222ad1

ShaneMcC commented 3 years ago

This is done now I think.

ShaneMcC commented 3 years ago

Reopening, I didn't do the hint stuff.

ShaneMcC commented 3 years ago

I'm probably not going to bother with the hinting.

It's the ANAME (https://github.com/mydnshost/mydnshost-api/issues/24) problem in another disguise.

I don't want to be doing DNS Lookups for random things and I don't have useful "this depends on this record" stuff.

Also - what if your target actually points at stuff that is RRCLONEd (so annoying to figure out what the actual record is) or if the target is outside of mydnshost?

I'm going to close this issue and add a note to #24 to think about this at the same time.

ShaneMcC commented 3 years ago

I've added hinting now for same-domain targets as that is the least-awful approach.

I could probably extend it to hint through to "any domain known to mydnshost", but that's a lot more work and icky and I'd want to refactor a bunch of the code that would end up being shared there between RRCLONE and SVCB/HTTPS and I cba with that atm.
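
The same-domain hinting discussed in this thread, sketched as an added example (not mydnshost's code): `ipv4hint`/`ipv6hint` are filled only from A/AAAA records in the same zone, so targets outside the zone trigger no lookups. The record tuple layout, `add_hints` and `in_zone` are assumptions, the zone data is constructed, and SvcParam values are assumed to contain no spaces.

```python
ZONE = "example.org."  # constructed sample zone
RECORDS = [  # constructed sample records: (owner, type, rdata)
    ("www.example.org.", "A", "192.0.2.10"),
    ("www.example.org.", "A", "192.0.2.11"),
    ("www.example.org.", "AAAA", "2001:db8::10"),
    ("example.org.", "HTTPS", "1 www.example.org. alpn=h2,h3"),
    ("cdn.example.org.", "HTTPS", "1 edge.example.net. alpn=h2"),   # target outside the zone
    ("alias.example.org.", "HTTPS", "0 www.example.org."),          # AliasMode, no params
    ("self.example.org.", "HTTPS", "1 . alpn=h2"),                  # "." means the owner name
    ("self.example.org.", "A", "192.0.2.20"),
    ("pinned.example.org.", "HTTPS", "1 www.example.org. ipv4hint=198.51.100.1"),
]

def in_zone(name, zone):
    """True if name is the zone apex or a name below it (label-boundary match)."""
    name, zone = name.lower(), zone.lower()
    return name == zone or name.endswith("." + zone)

def add_hints(zone, records):
    """Return records with hints added to ServiceMode HTTPS/SVCB records
    whose effective target has A/AAAA records in the same zone."""
    addrs = {}
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            addrs.setdefault((owner.lower(), rtype), []).append(rdata)
    out = []
    for owner, rtype, rdata in records:
        if rtype in ("HTTPS", "SVCB"):
            priority, target, *params = rdata.split()
            effective = owner if target == "." else target
            # Priority 0 is AliasMode and carries no SvcParams; out-of-zone
            # targets are skipped rather than resolved.
            if priority != "0" and in_zone(effective, zone):
                present = {p.split("=", 1)[0] for p in params}
                for key, atype in (("ipv4hint", "A"), ("ipv6hint", "AAAA")):
                    found = addrs.get((effective.lower(), atype))
                    if found and key not in present:  # keep explicit hints as written
                        params.append(key + "=" + ",".join(found))
                rdata = " ".join([priority, target] + params)
        out.append((owner, rtype, rdata))
    return out

if __name__ == "__main__":
    for rec in add_hints(ZONE, RECORDS):
        print(*rec)
```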