Re: [nsd-users] how do I add an SVCB record to NSD

2023-01-09 Thread Jeroen Koekkoek via nsd-users
Hi Peter,

The format for SVCB and HTTPS RRs is the same, but the HTTPS rrtype is
reserved for use with the http and https URI schemes and implies some
values. I only worried about parsing it successfully for now, so I
don't know all the details, but
https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-11.html#https
should answer that question in more detail(?)

nsd-checkzone mostly checks if it can successfully parse the record, so
mostly syntax, but it does check some semantics. The SVCB zone format
is a little weird because it introduces some syntax changes. There has
been some discussion on the syntax, but yes, quotes matter.

From the top of my head, you're allowed to specify either key=value or
key="value", but not key="value". Depending on the
value, you need to quote it. Presumably, there's also some weirdness
around double escaping wrt alpn values and commas, but the details
escape me.

- Jeroen


On Fri, 2023-01-06 at 13:30 +0100, Peter Russel via nsd-users wrote:
> @ jeroen
> 
> thanks for your pointers, managed to create valid entries (quotes
> matter, nsd-checkzone doesn't warn, dig result then says: ;; Got bad
> packet: extra input data)
> 
> testzone, dummy IPs:
> 
> doh IN A 192.169.254.4
> doh IN AAAA 2a02:1810:4d27:290f::aa01
> 
> ;## HTTPS
> httpsipv4 IN HTTPS 1 . alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" port=443 ipv4hint="192.169.254.4"
> httpsipv6 IN HTTPS 1 . alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" port=443 ipv6hint="2a02:1810:4d27:290f::aa01"
> httpsip IN HTTPS 1 . alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" port=443 ipv4hint="192.169.254.4" ipv6hint="2a02:1810:4d27:290f::aa01"
> 
> ;## SVCB
> svcbipv4 IN SVCB 1 doh alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" port=443 ipv4hint="192.169.254.4"
> svcbipv6 IN SVCB 1 doh alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" port=443 ipv6hint="2a02:1810:4d27:290f::aa01"
> svcbip IN SVCB 1 doh alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" port=443 ipv4hint="192.169.254.4" ipv6hint="2a02:1810:4d27:290f::aa01"
> 
> I don't get it yet. It looks like you can do the same, using HTTPS
> and SVCB records. What is the difference, since the query replies
> provide identical information?
> 
> Thanks for your time and effort
> ___
> nsd-users mailing list
> nsd-users@lists.nlnetlabs.nl
> https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
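
The quoting question discussed in this message, as an added example (not code from NSD or from either poster): a small Python sketch that turns SvcParams presentation text into the wire format, so that key=value and key="value" can be compared byte for byte. Assumptions: key numbers are those of RFC 9460 and RFC 9461, `shlex` stands in for zone-file quote handling (no \DDD escapes, no escaped commas inside alpn ids), values given under a generic keyNNN name are taken as raw octets, and all function names are hypothetical.

```python
import ipaddress
import shlex
import struct

# SvcParamKey numbers from RFC 9460 (0-6) and RFC 9461 (dohpath = 7).
KEYS = {"mandatory": 0, "alpn": 1, "no-default-alpn": 2, "port": 3,
        "ipv4hint": 4, "ech": 5, "ipv6hint": 6, "dohpath": 7}

def key_number(name):
    """Map a mnemonic or generic keyNNN name to its numeric SvcParamKey."""
    if name in KEYS:
        return KEYS[name]
    if name.startswith("key") and name[3:].isdigit():
        return int(name[3:])
    raise ValueError(f"unknown SvcParamKey: {name}")

def encode_value(key, value):
    """Encode one presentation value into its wire-format SvcParamValue."""
    if key == 1:       # alpn: list of length-prefixed protocol ids
        ids = [v.encode() for v in value.split(",")]
        return b"".join(bytes([len(i)]) + i for i in ids)
    if key == 3:       # port: 16-bit integer, network byte order
        return struct.pack("!H", int(value))
    if key in (4, 6):  # address hints: packed IPv4 / IPv6 addresses
        cls = ipaddress.IPv4Address if key == 4 else ipaddress.IPv6Address
        return b"".join(cls(a).packed for a in value.split(","))
    return value.encode()  # dohpath and anything else: raw octets

def svcparams_to_wire(text):
    """Parse 'key=value key="value" ...' and return wire-format SvcParams."""
    params = {}
    for token in shlex.split(text):  # shlex removes the double quotes
        name, _, value = token.partition("=")
        key = key_number(name)
        if key in params:
            raise ValueError(f"duplicate SvcParamKey: {name}")
        # Assumption of this sketch: generic keyNNN values stay opaque.
        raw = name not in KEYS
        params[key] = value.encode() if raw else encode_value(key, value)
    # The wire format carries the keys in strictly increasing numeric order.
    return b"".join(struct.pack("!HH", k, len(v)) + v
                    for k, v in sorted(params.items()))

# SvcParams of the httpsipv4 record quoted in this thread.
SAMPLE = ('alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" '
          'port=443 ipv4hint="192.169.254.4"')

if __name__ == "__main__":
    print(svcparams_to_wire(SAMPLE).hex())
```

Comparing this output with the RDATA a server actually returns (for example via `dig +unknownformat`, assuming the installed dig supports that option) shows whether a quoting difference changed the bytes on the wire.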



Re: [nsd-users] how do I add an SVCB record to NSD

2023-01-06 Thread Jeroen Koekkoek via nsd-users
Hi Peter,

SVCB records, or any other kind of record, should be added to your zone
file. https://nsd.docs.nlnetlabs.nl/en/latest/zonefile.html should give
you a decent example of how such a file should look. As for how to add
SVCB records, the svcb test can probably shed some light:
https://github.com/NLnetLabs/nsd/blob/master/tpkg/svcb.tdir/svcb.success-cases.zone.

Hope that helps.

- Jeroen


On Thu, 2023-01-05 at 11:45 +0100, Peter Russel via nsd-users wrote:
> a DNS query, type SVCB, like this:
> dig @94.140.15.15 _dns.resolver.arpa svcb +short
> returns:
> 1 dns.adguard-dns.com. alpn="h3,h2,http/1.1" port=443
> ipv4hint=94.140.14.14,94.140.15.15
> ipv6hint=2a10:50c0::ad1:ff,2a10:50c0::ad2:ff key7="/dns-query{?dns}"
> 2 dns.adguard-dns.com. alpn="dot" port=853
> ipv4hint=94.140.14.14,94.140.15.15
> ipv6hint=2a10:50c0::ad1:ff,2a10:50c0::ad2:ff
> 3 dns.adguard-dns.com. alpn="doq" port=853
> ipv4hint=94.140.14.14,94.140.15.15
> ipv6hint=2a10:50c0::ad1:ff,2a10:50c0::ad2:ff
> 
> how do I add a record like this to my NSD config?
> 
> thanks for your time and effort.
