dns: add ALPN to synthetic HTTPS records for ECH

When using local ECH config, the synthetic HTTPS record only contained
ECH parameter without ALPN. Due to ECH spec requirements (svcb_optional=false),
Chromium strictly validates DNS ALPN, causing QUIC connections to fail with
ERR_DNS_NO_MATCHING_SUPPORTED_ALPN since default "http/1.1" doesn't match "h3".

Now adds proper ALPN: "h3" for QUIC mode, "h2" for HTTP/2 mode.

Author: nekohasekai

naive_client.go

@@ -204,7 +204,7 @@ func (c *NaiveClient) Start() error {
 		if echQueryServerName == "" {
 			echQueryServerName = c.serverName
 		}
-		dnsResolver = wrapDNSResolverWithECH(dnsResolver, c.serverName, echQueryServerName, c.getECHConfigList)
+		dnsResolver = wrapDNSResolverWithECH(dnsResolver, c.serverName, echQueryServerName, c.getECHConfigList, c.quicEnabled)
 	}
 
 	engine.SetDialer(func(address string, port uint16) int {

naive_dns.go

@@ -180,14 +180,21 @@ func wrapDNSResolverWithECH(
 	serverName string,
 	echQueryServerName string,
 	echConfigGetter func() []byte,
+	quicEnabled bool,
 ) DNSResolverFunc {
 	return func(ctx context.Context, request *mDNS.Msg) *mDNS.Msg {
 		if len(request.Question) > 0 {
 			question := request.Question[0]
 			if question.Qtype == mDNS.TypeHTTPS && matchesServerName(question.Name, serverName) {
 				echConfig := echConfigGetter()
 				if len(echConfig) > 0 {
-					return injectECHConfig(request, nil, echConfig)
+					var alpn []string
+					if quicEnabled {
+						alpn = []string{"h3"}
+					} else {
+						alpn = []string{"h2"}
+					}
+					return injectECHConfig(request, nil, echConfig, alpn)
 				}
 
 				var response *mDNS.Msg
@@ -271,7 +278,7 @@ func matchesServerName(queryName, serverName string) bool {
 	return false
 }
 
-func injectECHConfig(request *mDNS.Msg, response *mDNS.Msg, echConfig []byte) *mDNS.Msg {
+func injectECHConfig(request *mDNS.Msg, response *mDNS.Msg, echConfig []byte, alpn []string) *mDNS.Msg {
 	if response == nil {
 		response = new(mDNS.Msg)
 		response.SetReply(request)
@@ -307,6 +314,7 @@ func injectECHConfig(request *mDNS.Msg, response *mDNS.Msg, echConfig []byte) *m
 				Target:   targetName,
 			},
 		}
+		https.Value = append(https.Value, &mDNS.SVCBAlpn{Alpn: alpn})
 		https.Value = append(https.Value, &mDNS.SVCBECHConfig{ECH: echConfig})
 		response.Answer = append(response.Answer, https)
 	}