Hi Peter, The format for SVCB and HTTPS RRs is the same, but the HTTPS rrtype is reserved for use with the http and https URI schemes and implies some values. I only worried about parsing it successfully for now, so I don't know all the details, but https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-11.html#https should answer that question in more detail(?)
nsd-checkzone mostly checks if it can successfully parse the record, so mostly syntax, but it does check some semantics. The SVCB zone format is a little weird because it introduces some syntax changes. There has been some discussion on the syntax, but yes, quotes matter. >From the top of my head, you're allowed to specify either key=value or key="value", but not key<space+>=<space+>"value". Depending on the value, you need to quote it. Presumably, there's also some weirdness around double escaping wrt alpn values and comma's, but the details escape me. - Jeroen On Fri, 2023-01-06 at 13:30 +0100, Peter Russel via nsd-users wrote: > @ jeroen > > thanks for your pointers, managed to create valid entries (quotes > matter, nsd-checkzone doesn't warn, dig result than says: ;; Got bad > packet: extra input data) > > testzone, dummy IPs: > > doh IN A 192.169.254.4 > doh IN AAAA 2a02:1810:4d27:290f::aa01 > > ;## HTTPS > httpsipv4 IN HTTPS 1 . alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" > port=443 ipv4hint="192.169.254.4" > httpsipv6 IN HTTPS 1 . alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" > port=443 ipv6hint="2a02:1810:4d27:290f::aa01" > httpsip IN HTTPS 1 . alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" > port=443 ipv4hint="192.169.254.4" > ipv6hint="2a02:1810:4d27:290f::aa01" > > ;## SVCB > svcbipv4 IN SVCB 1 doh alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" > port=443 ipv4hint="192.169.254.4" > svcbipv6 IN SVCB 1 doh alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" > port=443 ipv6hint="2a02:1810:4d27:290f::aa01" > svcbip IN SVCB 1 doh alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" > port=443 ipv4hint="192.169.254.4" > ipv6hint="2a02:1810:4d27:290f::aa01" > > I don't get it yet, It looks like you can do the same, using HTTPS > and SVCB records. What is the difference, since the query replies > provide identical information? > > Thanks for your time and effort > _______________________________________________ > nsd-users mailing list > nsd-users@lists.nlnetlabs.nl > https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users _______________________________________________ nsd-users mailing list nsd-users@lists.nlnetlabs.nl https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users