[net-dns-users] SVCB

Doug Barton dougb at dougbarton.us
Thu Nov 21 17:51:31 UTC 2024


Thanks again for the response. I think I should provide some more 
context for my concerns before I respond below.

I manage a portfolio with tens of thousands of domains for a large 
multinational company. I also manage the DNS for about half of them. The 
DNS for the other half is managed by various different teams within our 
company, vendors, partners, etc. I'm often called upon to answer 
questions and provide guidance on best practices for DNS management. My 
team also handles a few hundred redelegations every year.

One of the tools I use to assist with this work is a script written in 
Perl that queries the primary, or one of the public authoritative 
servers, for a zone for a commonly used set of RRs, in combination with a 
predefined set of commonly used host names.

Even in situations where I DO manage the DNS, it is way more convenient 
to use that script to check the status of a zone than it is to log into 
the DNS portal. It also helps confirm that what's showing up on the wire 
after a change is what was intended.

When dealing with internal customers and third parties it's even more 
important that I have an accurate picture of what's in their zone file 
because I don't have direct access to it. I need to be able to 
communicate intelligently with those folks in terms of, "You have XYZ in 
your zone file, which is causing this effect. If you want that effect 
you need to put PDQ in your zone file instead."

I hope this makes clear why I'm asking these questions, and asking for a 
way to have a "zone file view" of the data for these records, and why 
I'm curious about how these records are being treated differently than 
all the other RRs in the library.

More below.

On 2024-11-21 7:08 AM, Dick Franks via net-dns-users wrote:
> On Mon, 11 Nov 2024 at 18:24, Doug Barton via net-dns-users
> <net-dns-users at lists.nlnetlabs.nl> wrote:
>> 8
>>
>> On 2024-11-10 10:43 AM, Dick Franks via net-dns-users wrote:
>>> On Sun, 10 Nov 2024 at 02:36, Doug Barton via net-dns-users
>>> <net-dns-users at lists.nlnetlabs.nl> wrote:
>>>>
>>>> I have two questions about the SVCB/HTTPS implementation.
>>>>
>>>> First, how does one decode the "presentation format" data that's
>>>> returned by the svcparam methods? I tried every combination of unpack
>>>> that I could think of, including those used for pack and unpack in the
>>>> pm file, and all I get is gibberish. None of the standard RR methods
>>>> work either, including print, string, etc.; and I'm pretty sure I tried
>>>> them all.
> 
> That is a reasonable complaint, which you did not follow through.
> An uninterpreted octet string would be much easier to unpack.

Can you please elaborate on this? I'm not sure what you mean here. Is 
there something else you need from me to demonstrate the issue?

>>>> Second, what's the rationale for this substitution on line 190 of the
>>>> current version of SVCB.pm:
>>>>
>>>>            return ( $target eq '.' ) ? $self->owner : $target;
>>>>
>>>
>>> RFC9460(2.5.2)
>>
>> Yes, I know how the mechanism works, but I'm asking why you're forcing
>> the substitution in the output.
> 
> Because RFC9460 says how the targetname should be derived when '.'
> appears on the wire.

The RFC describes how the information should be used, not how it should 
be displayed in text. I still think that at least having a mnemonic 
display option here would be useful.

>> More generally, is there a way to convert the presentation format back
>> to mnemonic format?
> 
> Not without 60% more code nor serving any real purpose.

I hope I've described my need for this adequately above.

If you could point me in the right direction in terms of the conversion 
I'd be willing to work on a patch. At minimum I need to do this for my 
own purposes, so any tips would be very much appreciated.

Doug
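The conversion asked for in the thread, as an added example that is not Net::DNS code and not the script described above: a small core-Perl decoder that takes the wire-format RDATA of an SVCB or HTTPS record (RFC 9460 section 2.2) and renders it in zone-file presentation format (section 2.1), printing a "." TargetName literally instead of substituting the owner name. The function and variable names (svcb_rdata_to_text and the helpers) are the example's own, the key table covers the registered SvcParamKeys the author knows of, and the sample wire data is constructed by hand.

```perl
#!/usr/bin/perl
# Added example, not code from Net::DNS: decode SVCB/HTTPS RDATA from wire
# format (RFC 9460 section 2.2) into presentation format (section 2.1),
# keeping a "." TargetName as "." rather than substituting the owner name.
use strict;
use warnings;
use MIME::Base64 qw(encode_base64);    # core module; used for ech=

# SvcParamKey names from the IANA registry (RFC 9460, RFC 9461, RFC 9540).
my %KEYNAME = (
    0 => 'mandatory', 1 => 'alpn',     2 => 'no-default-alpn',
    3 => 'port',      4 => 'ipv4hint', 5 => 'ech',
    6 => 'ipv6hint',  7 => 'dohpath',  8 => 'ohttp',
);

sub keyname { my $key = shift; return $KEYNAME{$key} // "key$key" }

# Quote a value as a char-string: escape backslash and double quote, and
# any octet outside printable ASCII as \DDD.
sub quote_value {
    my $s = shift;
    $s =~ s/([\\"])/\\$1/g;
    $s =~ s/([^\x20-\x7e])/sprintf('\\%03d', ord $1)/ge;
    return qq("$s");
}

# Read an uncompressed wire-format name at $off; returns (name, next offset).
sub decode_name {
    my ( $buf, $off ) = @_;
    my @labels;
    while (1) {
        die "truncated TargetName\n" if $off >= length $buf;
        my $len = unpack( 'C', substr( $buf, $off++, 1 ) );
        last if $len == 0;
        die "compression pointer not permitted in TargetName\n" if $len & 0xC0;
        push @labels, substr( $buf, $off, $len );
        $off += $len;
    }
    my $name = @labels ? join( '.', @labels ) . '.' : '.';
    return ( $name, $off );
}

# Render one SvcParamValue according to its key.
sub present_value {
    my ( $key, $v ) = @_;
    return join( ',', map { keyname($_) } unpack( 'n*', $v ) ) if $key == 0;
    if ( $key == 1 ) {    # alpn: sequence of length-prefixed protocol ids
        my @ids;
        while ( length $v ) {
            my $len = unpack( 'C', $v );
            push @ids, substr( $v, 1, $len );
            substr( $v, 0, 1 + $len ) = '';
        }
        return quote_value( join ',', @ids );
    }
    return unpack( 'n', $v ) if $key == 3;    # port
    if ( $key == 4 ) {                        # ipv4hint: dotted quads
        return join ',', map { join '.', unpack 'C4', $_ } unpack '(a4)*', $v;
    }
    return encode_base64( $v, '' ) if $key == 5;    # ech: base64, no line breaks
    if ( $key == 6 ) {                        # ipv6hint: eight hex groups
        my @addrs = map { join ':', map { sprintf '%x', $_ } unpack 'n8', $_ } unpack '(a16)*', $v;
        return join ',', @addrs;
    }
    return quote_value($v);                   # dohpath and unregistered keys
}

# Decode complete SVCB/HTTPS RDATA; returns the presentation-format RDATA.
sub svcb_rdata_to_text {
    my $rdata = shift;
    die "RDATA too short\n" if length($rdata) < 3;
    my $priority = unpack( 'n', $rdata );
    my ( $target, $off ) = decode_name( $rdata, 2 );
    my ( @params, $lastkey );
    while ( $off < length $rdata ) {
        die "SvcParam header truncated\n" if $off + 4 > length $rdata;
        my ( $key, $len ) = unpack( 'nn', substr( $rdata, $off, 4 ) );
        $off += 4;
        die "SvcParamKeys must be in strictly increasing order\n"
            if defined $lastkey && $key <= $lastkey;
        die "SvcParamValue truncated\n" if $off + $len > length $rdata;
        my $v = substr( $rdata, $off, $len );
        $off += $len;
        $lastkey = $key;
        # An empty value is presented as the bare key (no-default-alpn, ohttp).
        push @params, length($v) ? keyname($key) . '=' . present_value( $key, $v ) : keyname($key);
    }
    # In ServiceMode a "." target means the owner name (RFC 9460 s2.5.2); it is
    # printed as-is so the output matches what is actually in the zone file.
    return join ' ', $priority, $target, @params;
}

# Constructed sample: the zone-file record
#   example.com. HTTPS 1 . mandatory=alpn alpn="h2,h3" port=443 ipv4hint=192.0.2.1
# encoded by hand into wire format, followed by an AliasMode record.
my $service = pack( 'n', 1 ) . "\0"                 # priority 1, target "."
    . pack( 'nn n',  0, 2, 1 )                      # mandatory=alpn
    . pack( 'nn',    1, 6 ) . "\x02h2\x02h3"        # alpn="h2,h3"
    . pack( 'nn n',  3, 2, 443 )                    # port=443
    . pack( 'nn C4', 4, 4, 192, 0, 2, 1 );          # ipv4hint=192.0.2.1
my $alias = pack( 'n', 0 ) . "\x03svc\x07example\x03net\0";
print svcb_rdata_to_text($service), "\n";
print svcb_rdata_to_text($alias),   "\n";
```

To apply this to a live record, pass the octets returned by the rdata method of a Net::DNS::RR object (svcb_rdata_to_text does not depend on anything else from the library), and prefix the result with the owner, TTL, class and type yourself. The strictly-increasing-key and truncation checks are deliberate: a zone served by a third party can carry malformed SvcParams, and a "zone file view" is only trustworthy if the decoder refuses to guess.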
