NLnetLabs / ldns

LDNS is a DNS library that facilitates DNS tool programming

Home Page:https://nlnetlabs.nl/ldns

HTTPS records not returned

kuon opened this issue

If I do:

drill HTTPS ifconfig.io

I got the following output:

;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 25097
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; ifconfig.io.	IN	A

;; ANSWER SECTION:
ifconfig.io.	232	IN	A	188.114.96.14
ifconfig.io.	232	IN	A	188.114.97.14

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 1 msec
;; SERVER: 10.11.1.1
;; WHEN: Mon Jun  6 23:07:47 2022
;; MSG SIZE  rcvd: 61

I expect the HTTPS record.

Same with dig:

dig HTTPS ifconfig.io

; <<>> DiG 9.18.2 <<>> HTTPS ifconfig.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25199
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ifconfig.io.			IN	HTTPS

;; ANSWER SECTION:
ifconfig.io.		300	IN	HTTPS	1 . alpn="h3,h3-29,h2" ipv4hint=188.114.96.14,188.114.97.14 ipv6hint=2a06:98c1:3120::e,2a06:98c1:3121::e

;; Query time: 20 msec
;; SERVER: 10.11.1.1#53(10.11.1.1) (UDP)
;; WHEN: Mon Jun 06 23:08:35 CEST 2022
;; MSG SIZE  rcvd: 119

Hi @kuon, you need to configure ldns with --enable-rrtype-svcb-https before compiling to get SVCB and HTTPS support.
We have these configure flags for all features that are not yet an RFC, because we don't want to expose things that are still in development and can still change.

However, since the draft is currently in the RFC editor queue (see https://www.rfc-editor.org/current_queue.php#draft-ietf-dnsop-svcb-https), I do think it is safe to have them configured by default now. I have committed that in d34309f.

Great. Thanks.

For information and reference, I came across HTTPS records because I was intercepting DNS requests for iOS devices (iPad) for ad blocking and it took me a while to understand why it wasn't working: I was only intercepting A and AAAA requests, and the iPad already uses HTTPS records. So it seems it is already widely deployed (at least on the client side).
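
The gap described in the last comment, as an added example that is not part of the thread or of ldns: a filter that matches only A and AAAA query types never sees a type 65 (HTTPS) query, whose answer can carry ipv4hint/ipv6hint addresses as in the dig output above. The blocklist name `ads.example.`, the function names and the sample queries are constructed for illustration.

```python
import struct

# RR type numbers: A (RFC 1035), AAAA (RFC 3596), SVCB and HTTPS (RFC 9460).
QTYPES = {1: "A", 28: "AAAA", 64: "SVCB", 65: "HTTPS"}
ADDRESS_ONLY = {"A", "AAAA"}                        # what the filter in the comment covered
ADDRESS_BEARING = ADDRESS_ONLY | {"SVCB", "HTTPS"}  # also covers address-hint answers


def build_query(name, qtype, txid=0x1234):
    """Build a minimal wire-format query (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    parts = name.rstrip(".").split(".")
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def parse_question(msg):
    """Return (qname, qtype_number) for the first question of a DNS message."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        length = msg[pos]
        pos += 1
        if length == 0:  # root label ends the name
            break
        # Lengths above 63 are compression pointers or reserved label types.
        if length > 63 or pos + length > len(msg):
            raise ValueError("bad label")
        labels.append(msg[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels) + ".", qtype


def intercepts(msg, blocklist, covered_types):
    """True if a filter limited to covered_types would act on this query."""
    qname, qtype = parse_question(msg)
    return qname in blocklist and QTYPES.get(qtype) in covered_types
```

With `ADDRESS_ONLY`, the HTTPS query for a blocked name passes through untouched; with `ADDRESS_BEARING` it is caught.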