HTTPS records not returned
kuon opened this issue
If I do:
drill HTTPS ifconfig.io
I got the following output:
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 25097
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; ifconfig.io. IN A
;; ANSWER SECTION:
ifconfig.io. 232 IN A 188.114.96.14
ifconfig.io. 232 IN A 188.114.97.14
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 1 msec
;; SERVER: 10.11.1.1
;; WHEN: Mon Jun 6 23:07:47 2022
;; MSG SIZE rcvd: 61
I expect the HTTPS record.
Same with dig:
dig HTTPS ifconfig.io
; <<>> DiG 9.18.2 <<>> HTTPS ifconfig.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25199
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ifconfig.io. IN HTTPS
;; ANSWER SECTION:
ifconfig.io. 300 IN HTTPS 1 . alpn="h3,h3-29,h2" ipv4hint=188.114.96.14,188.114.97.14 ipv6hint=2a06:98c1:3120::e,2a06:98c1:3121::e
;; Query time: 20 msec
;; SERVER: 10.11.1.1#53(10.11.1.1) (UDP)
;; WHEN: Mon Jun 06 23:08:35 CEST 2022
;; MSG SIZE rcvd: 119
Hi @kuon, you need to configure ldns with the --enable-rrtype-svcb-https option before compiling to get SVCB and HTTPS support.
We use these configure flags for all features which are not an RFC yet, because we don't want to expose things that are still in development and can still change.
However, since the draft is currently in the RFC editor queue, see https://www.rfc-editor.org/current_queue.php#draft-ietf-dnsop-svcb-https , I do think it is safe to have them configured by default now. I have committed that in d34309f.
Great. Thanks.
For information and reference, I came across HTTPS records because I was intercepting DNS requests for iOS devices (iPad) for ad blocking, and it took me a while to understand why it wasn't working: I was only intercepting A and AAAA requests, and the iPad already uses HTTPS records. So it seems it is already widely deployed (at least on the client side).
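The gap described in the last comment, as an added example that is not part of the original thread or of ldns: a DNS filter that matches only A and AAAA question types lets an HTTPS query (type 65) for a blocklisted name through. The blocklist entry `ads.example`, the queried name and all function names are constructed for illustration.

```python
import struct

# RR type codes; 64 and 65 are the SVCB and HTTPS types from draft-ietf-dnsop-svcb-https.
A, AAAA, SVCB, HTTPS = 1, 28, 64, 65

def build_query(name, qtype, txid=0x1234):
    """Build a minimal one-question DNS query (constructed test input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS IN

def parse_question(packet):
    """Return (lowercased qname, qtype) of the first question in a query."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):
            raise ValueError("bad label")  # also rejects compression pointers (0xC0)
        labels.append(packet[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels), qtype

def should_block(packet, blocklist, filtered_types):
    """True if the query is for a blocklisted name AND its type is one we filter."""
    name, qtype = parse_question(packet)
    listed = any(name == d or name.endswith("." + d) for d in blocklist)
    return listed and qtype in filtered_types

BLOCKLIST = {"ads.example"}          # constructed sample entry
NARROW = {A, AAAA}                   # the filter described in the comment
WIDE = {A, AAAA, SVCB, HTTPS}        # also covers SVCB and HTTPS questions

if __name__ == "__main__":
    for qtype in (A, AAAA, HTTPS):
        q = build_query("cdn.ads.example", qtype)
        print(qtype, should_block(q, BLOCKLIST, NARROW), should_block(q, BLOCKLIST, WIDE))
```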