SVCB support request for dnsdist #10367

Closed
sauceress opened this issue May 6, 2021 · 1 comment

@sauceress

  • Program: dnsdist
  • Issue type: Feature request

Short description

We want enhanced SVCB support within dnsdist that supports multiple records with the hints returned in the 'additional' section in addition to IPv4 and IPv6 hints (since the standard is not yet finalized). This request is from Quad9 DNS.

Usecase

Format reference: https://datatracker.ietf.org/doc/html/draft-schwartz-svcb-dns-03#section-8

_dns.resolver.arpa SVCB 1 . ( alpn="dot" port="853" ipv4hint="9.9.9.9" ipv6hint="2620:fe::fe" )
_dns.resolver.arpa SVCB 2 . ( alpn="h2" port="443" ipv4hint="9.9.9.9" ipv6hint="2620:fe::fe" dohpath="/dns-query{?dns}" )

Description

We want SVCB records with entries in the 'additional' section in addition to IPv4 and IPv6 hints (since the standard is not yet finalized).

Per https://datatracker.ietf.org/doc/html/draft-schwartz-svcb-dns-03#section-10 the number for 'dohpath' is still undefined. We would like the ability to set/override this value at run time.

We need multiple records definable each with their own set of characteristics.
Example (per https://datatracker.ietf.org/doc/html/draft-schwartz-svcb-dns-03#section-8)

     _dns 7200 IN SVCB 1 @ alpn=dot,h2,h3 dohpath=/dns-query{?dns}
                           SVCB 2 @ alpn=dot port=8530
                           SVCB 3 fooexp port=5353 alpn=foo foo-info=...

Ultimately we want to be able to do this synthetically within dnsdist without requiring a backing zone, to support real time reflection of load balancing decisions.

An alternative is to chain A record look-ups for insertion into the additional section if IPv4 and IPv6 hints are also included. We'd prefer to do a single lookup versus more than one to be able to start using DNS. Our preference is for a single lookup and response.

Perhaps this could be a Lua object represented as a table.

spoofSVCB({
  index=NUM,
  dohpath="STRING",
  ipv4hints="STRING", -- could also be combo address or a group of combo addresses
  ipv6hints="STRING", -- could also be combo address or a group of combo addresses
  alpn="STRING",
  port=NUM
})

In order to synthesize the equivalent of:

_dns.resolver.arpa SVCB 1 . ( alpn="dot" port="853" ipv4hint="9.9.9.9" ipv6hint="2620:fe::fe" )
_dns.resolver.arpa SVCB 2 . ( alpn="h2" port="443" ipv4hint="9.9.9.9" ipv6hint="2620:fe::fe" dohpath="/dns-query{?dns}" )

This could be a 'make' rule (in which case the qname is specified in the rule).
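
The RDATA that such a synthesized answer would carry on the wire, as an added example (not part of the original issue and not dnsdist code): a Python encoder for the two records above, with the dohpath key number passed in at run time because draft -03 leaves it unassigned. The function names and the private-use key 65280 are assumptions chosen for illustration.

```python
import ipaddress
import struct

# SvcParamKey numbers assigned by the SVCB specification (RFC 9460).
ALPN, PORT, IPV4HINT, IPV6HINT = 1, 3, 4, 6


def encode_name(name):
    """Uncompressed DNS wire name; "." encodes as the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            raw = label.encode("ascii")
            if len(raw) > 63:
                raise ValueError("label longer than 63 octets")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"


def svcb_rdata(priority, target, dohpath_key, alpn=(), port=None,
               ipv4hint=(), ipv6hint=(), dohpath=None):
    """Build SVCB RDATA: SvcPriority, TargetName, then SvcParams."""
    params = {}
    if alpn:  # each alpn-id is length-prefixed inside the value
        params[ALPN] = b"".join(bytes([len(a)]) + a.encode("ascii") for a in alpn)
    if port is not None:
        params[PORT] = struct.pack("!H", port)
    if ipv4hint:
        params[IPV4HINT] = b"".join(ipaddress.IPv4Address(a).packed for a in ipv4hint)
    if ipv6hint:
        params[IPV6HINT] = b"".join(ipaddress.IPv6Address(a).packed for a in ipv6hint)
    if dohpath is not None:
        # Refuse an override that lands on keys 0-6 (already assigned) or 65535 (reserved).
        if not 6 < dohpath_key < 65535:
            raise ValueError("dohpath key collides with an assigned or reserved key")
        params[dohpath_key] = dohpath.encode("utf-8")
    rdata = struct.pack("!H", priority) + encode_name(target)
    for key in sorted(params):  # SvcParams must appear in increasing key order
        rdata += struct.pack("!HH", key, len(params[key])) + params[key]
    return rdata


# Constructed sample: the two records from the issue. 65280 is a private-use
# key number picked for illustration; it is not an assigned dohpath value.
DOHPATH_KEY = 65280
DOT = svcb_rdata(1, ".", DOHPATH_KEY, alpn=["dot"], port=853,
                 ipv4hint=["9.9.9.9"], ipv6hint=["2620:fe::fe"])
DOH = svcb_rdata(2, ".", DOHPATH_KEY, alpn=["h2"], port=443,
                 ipv4hint=["9.9.9.9"], ipv6hint=["2620:fe::fe"],
                 dohpath="/dns-query{?dns}")
```

Because the parameters are sorted by key before encoding, changing the dohpath key number at run time changes where that parameter sits in the RDATA, not just its two-byte tag.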

@rgacogne
Member

Forgot to close this but this has been implemented in #10597.
