Skip to content

DNS HTTPS RR (RFC 9460) for 3.3dev#2866

Open
drwetter wants to merge 12 commits into3.3devfrom
https_rr-3.3dev
Open

DNS HTTPS RR (RFC 9460) for 3.3dev#2866
drwetter wants to merge 12 commits into3.3devfrom
https_rr-3.3dev

Conversation

@drwetter
Copy link
Collaborator

@drwetter drwetter commented Jul 29, 2025
edited
Loading

This is a fresh start for #2484 as the PR wasn't ready yet for 3.2 by the time it was released.

The info for the HTTPS RR shows up in the very beginning, i.e. in service_detection(). All keys are listed now in bold, values in a regular font.

get_https_rrecord() was introduced by copying and modifying get_caa_rr_record().

There's a similar obstacle as with CAA RRs: older binaries show the resource records binary encoded. Thus a new set of global vars is introduced HAS_*_HTTPS which check whether the binaries support decoding the RR directly.

For CAA there was a minor bug fixed when records were queried also when it was instructed to minimize/skip or use proxy only.

Todo:

  • Add logic in QUIC
    • if RR is detected and not QUIC is possible
    • add time for QUIC detection when RR is retrieved
  • show full HTTPS RR record, at least when having a new DNS client
  • shorten the comments in get_https_rrecord()
  • man page
  • when ASSUME_HTTP is set and no services was detected: this needs to be handled

What is your pull request about?

  • Bug fix
  • Improvement
  • New feature (adds functionality)
  • Breaking change (bug fix, feature or improvement that would cause existing functionality to not work as expected)
  • Typo fix
  • Documentation update
  • Update of other files

If it's a code change please check the boxes which are applicable

  • [] For the main program: My edits contain no tabs, indentation is five spaces and any line endings do not contain any blank chars
  • I've read CONTRIBUTING.md and Coding_Convention.md
  • I have tested this fix or improvement against >=2 hosts and I couldn't spot a problem
  • I have tested this new feature against >=2 hosts which show this feature and >=2 host which does not (in order to avoid side effects) . I couldn't spot a problem
  • For the new feature I have made corresponding changes to the documentation and / or to help()
  • If it's a bigger change: I added myself to CREDITS.md (alphabetical order) and the change to CHANGELOG.md

drwetter added 2 commits July 29, 2025 13:36
@drwetter
Changes for HTTPS RR patch
4252ec7
@drwetter
Start working on DNS HTTPS RR (RFC 9460) for 3.3dev
dd24095 
This is a fresh start for #2484 as the PR wasn't ready yet for 3.2
by the time it was released.

The info for the HTTPS RR shows up in the very beginning, i.e. in the
service_detection(). All keys are listed now in bold, values in
a regular font.

`get_https_rrecord()` was introduced by copying and modifying `get_caa_rr_record()`.

There's a similar obstacle as with CAA RRs: older binaries show the
resource records binary encoded. Thus a new set of global vars is introduced
HAS_*_HTTPS which check whether the binaries support decoding the RR
directly.

For CAA there was a minor bug fixed when records were queried also when it was
instructed to minimize/skip or use proxy only.

Todo:
- Add logic in QUIC
  - if RR is detected and not QUIC is possible
  - add time for QUIC detection when RR is retrieved
- show full HTTPS RR record, at least when having a new DNS client
- shorten the comments in `get_https_rrecord()`
- Man page
- when ASSUME_HTTP is set and no services was detected: this needs to be handled
@drwetter drwetter mentioned this pull request Jul 29, 2025
Closed
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@drwetter