Hi Peter,

The format for SVCB and HTTPS RRs is the same, but the HTTPS rrtype is
reserved for use with the http and https URI schemes and implies some
values. I only worried about parsing it successfully for now, so I
don't know all the details, but
https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-11.html#https
should answer that question in more detail(?)

nsd-checkzone mostly checks if it can successfully parse the record, so
mostly syntax, but it does check some semantics. The SVCB zone format
is a little weird because it introduces some syntax changes. There has
been some discussion on the syntax, but yes, quotes matter.

From the top of my head, you're allowed to specify either key=value or
key="value", but not key<space+>=<space+>"value". Depending on the
value, you need to quote it. Presumably, there's also some weirdness
around double escaping wrt alpn values and commas, but the details
escape me.

- Jeroen


On Fri, 2023-01-06 at 13:30 +0100, Peter Russel via nsd-users wrote:
> @ jeroen
> 
> thanks for your pointers, managed to create valid entries (quotes
> matter, nsd-checkzone doesn't warn, dig result then says: ;; Got bad
> packet: extra input data)
> 
> testzone, dummy IPs:
> 
> doh IN A 192.169.254.4
> doh IN AAAA 2a02:1810:4d27:290f::aa01
> 
> ;## HTTPS
> httpsipv4 IN HTTPS 1 . alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" port=443 ipv4hint="192.169.254.4"
> httpsipv6 IN HTTPS 1 . alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" port=443 ipv6hint="2a02:1810:4d27:290f::aa01"
> httpsip IN HTTPS 1 . alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" port=443 ipv4hint="192.169.254.4" ipv6hint="2a02:1810:4d27:290f::aa01"
> 
> ;## SVCB
> svcbipv4 IN SVCB 1 doh alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" port=443 ipv4hint="192.169.254.4"
> svcbipv6 IN SVCB 1 doh alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" port=443 ipv6hint="2a02:1810:4d27:290f::aa01"
> svcbip IN SVCB 1 doh alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" port=443 ipv4hint="192.169.254.4" ipv6hint="2a02:1810:4d27:290f::aa01"
> 
> I don't get it yet, it looks like you can do the same, using HTTPS
> and SVCB records. What is the difference, since the query replies
> provide identical information?
> 
> Thanks for your time and effort
> _______________________________________________
> nsd-users mailing list
> nsd-users@lists.nlnetlabs.nl
> https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
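
An added example, not part of the thread and not NSD's parser: a small pre-publish lint for the SvcParams part of an SVCB/HTTPS record. It checks the key=value / key="value" rule described above, plus duplicate keys, port range and hint address family. The function names are hypothetical, the key character set is taken from RFC 9460, and the sample strings are constructed from the thread's dummy values.

```python
import ipaddress
import re

KEY_RE = re.compile(r"^[a-z0-9-]{1,63}$")  # SvcParamKey character set (RFC 9460)

def split_params(text):
    """Split on unquoted whitespace; double-quoted runs stay in one token."""
    tokens, cur, quoted, esc = [], "", False, False
    for ch in text:
        if ch.isspace() and not quoted and not esc:
            tokens, cur = tokens + ([cur] if cur else []), ""
            continue
        if ch == '"' and not esc:
            quoted = not quoted
        esc = (ch == "\\" and not esc)
        cur += ch
    if quoted:
        raise ValueError("unterminated quote")
    return tokens + ([cur] if cur else [])

def lint_svcparams(text):
    """Return a list of problems in the SvcParams part of an SVCB/HTTPS record."""
    problems, seen = [], set()
    for tok in split_params(text):
        key, eq, value = tok.partition("=")
        if not KEY_RE.match(key):
            problems.append(f"{tok!r}: not key=value (whitespace around '='?)")
            continue
        if key in seen:
            problems.append(f"{key}: duplicate key")
        seen.add(key)
        if eq and not value:
            problems.append(f"{key}: nothing after '='")
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # key="value" and key=value are equivalent
        if key == "port" and not (value.isdigit() and int(value) <= 65535):
            problems.append(f"port: {value!r} is not in 0-65535")
        family = {"ipv4hint": 4, "ipv6hint": 6}.get(key)
        for addr in value.split(",") if family else []:
            try:
                if ipaddress.ip_address(addr).version != family:
                    problems.append(f"{key}: {addr} is the wrong address family")
            except ValueError:
                problems.append(f"{key}: {addr!r} is not an IP address")
    return problems

# Constructed samples using the thread's dummy addresses.
GOOD = 'alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" port=443 ipv4hint="192.169.254.4"'
BAD = 'alpn = "h2" port=443 port=70000 ipv4hint="2a02:1810:4d27:290f::aa01"'
```

Running `lint_svcparams` on each record's parameter string before loading the zone catches the spacing and hint mistakes that a syntax-only check can let through; it does not cover the alpn comma-escaping rules.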
