New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SVCB and HTTPS support #9369
SVCB and HTTPS support #9369
Conversation
5f01d68
to
8fac44c
Compare
fb75317
to
3030e92
Compare
After a discussion with @Habbie, some features will be moved to a next iteration so this initial code can land in auth 4.4.0-alpha1. These features will be:
|
3030e92
to
ae5bab5
Compare
upgrading.rst notes that IPSECKEY is no longer unknown; it should note the same for SVCB and HTTPS. |
0755636
to
34c84c5
Compare
@@ -212,6 +212,18 @@ attributetype ( 1.3.6.1.4.1.2428.20.1.61 NAME 'openPGPKeyRecord' | |||
SUBSTR caseIgnoreIA5SubstringsMatch | |||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) | |||
|
|||
attributetype ( 1.3.6.1.4.1.2428.20.1.64 NAME 'sVCBRecord' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
idk, but newer records apparently stopped with the 'first char downcase' rule already, so lets not continue it? (cf EUI64Record)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Per Howard Chu: don't know why people do that, probably historical. Conformity in a schema is a good thing. Also, they are case-insensitive.
Please uppercase :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few nits but the code looks solid. ❤️ the tests :-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
some initial nits.
Also: the draft suggests that svcParamKeys need to be in increasing numeric order. Is this something the code should do?
To answer my own question: within the RR this is already done. |
Might make sense to add an API test (didn't verify this works): diff --git a/regression-tests.api/test_Zones.py b/regression-tests.api/test_Zones.py
index e2069d8ef..2a4c62717 100644
--- a/regression-tests.api/test_Zones.py
+++ b/regression-tests.api/test_Zones.py
@@ -1462,6 +1462,25 @@ $ORIGIN %NAME%
headers={'content-type': 'application/json'})
self.assert_success(r) # user should be able to create DNAME at APEX as per RFC 6672 section 2.3
+ def test_rr_svcb(self):
+ name, payload, zone = self.create_zone()
+ rrset = {
+ 'changetype': 'replace',
+ 'name': 'svcb.' + name,
+ 'type': 'SOA',
+ 'ttl': 3600,
+ 'records': [
+ {
+ "content": 'mandatory=alpn alpn=h2,h3 ipv4hint=192.0.2.1,192.0.2.2 echconfig="dG90YWxseSBib2d1cyBlY2hjb25maWcgdmFsdWU="',
+ "disabled": False
+ },
+ ]
+ }
+ payload = {'rrsets': [rrset]}
+ r = self.session.patch(self.url("/api/v1/servers/localhost/zones/" + name), data=json.dumps(payload),
+ headers={'content-type': 'application/json'})
+ self.assert_success(r)
+
def test_rrset_ns_dname_exclude(self):
name, payload, zone = self.create_zone()
rrset = { |
039aeee
to
7391637
Compare
7391637
to
5c8ea66
Compare
5c8ea66
to
0ab5d78
Compare
Short description
PR to add SVCB and HTTPS support.
ToDo:
SvcParam
class for internal representation of service parametersreportOtherTypes
reportOtherTypes
xfrSvcParamKeyVals
)RecordTextReader
RecordTextWriter
DNSPacketWriter
PacketReader
pdnsutil
tests for SVCB/HTTPS correctnessChecklist
I have: