[nsd-users] how do I add an SVCB record to NSD
Jeroen Koekkoek
jeroen at nlnetlabs.nl
Mon Jan 9 09:44:36 UTC 2023
Hi Peter,
The format for SVCB and HTTPS RRs is the same, but the HTTPS rrtype is
reserved for use with the http and https URI schemes and implies some
values. I only worried about parsing it successfully for now, so I
don't know all the details, but
https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-11.html#https
should answer that question in more detail(?)
nsd-checkzone mostly checks if it can successfully parse the record, so
mostly syntax, but it does check some semantics. The SVCB zone format
is a little weird because it introduces some syntax changes. There has
been some discussion on the syntax, but yes, quotes matter.
From the top of my head, you're allowed to specify either key=value or
key="value", but not key<space+>=<space+>"value". Depending on the
value, you need to quote it. Presumably, there's also some weirdness
around double escaping wrt alpn values and commas, but the details
escape me.
- Jeroen
On Fri, 2023-01-06 at 13:30 +0100, Peter Russel via nsd-users wrote:
> @ jeroen
>
> thanks for your pointers, managed to create valid entries (quotes
> matter, nsd-checkzone doesn't warn, dig result then says: ;; Got bad
> packet: extra input data)
>
> testzone, dummy IPs:
>
> doh IN A 192.169.254.4
> doh IN AAAA 2a02:1810:4d27:290f::aa01
>
> ;## HTTPS
> httpsipv4 IN HTTPS 1 . alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" port=443 ipv4hint="192.169.254.4"
> httpsipv6 IN HTTPS 1 . alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" port=443 ipv6hint="2a02:1810:4d27:290f::aa01"
> httpsip IN HTTPS 1 . alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" port=443 ipv4hint="192.169.254.4" ipv6hint="2a02:1810:4d27:290f::aa01"
>
> ;## SVCB
> svcbipv4 IN SVCB 1 doh alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" port=443 ipv4hint="192.169.254.4"
> svcbipv6 IN SVCB 1 doh alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" port=443 ipv6hint="2a02:1810:4d27:290f::aa01"
> svcbip IN SVCB 1 doh alpn=h3,h2,http/1.1 dohpath="/dns-query{?dns}" port=443 ipv4hint="192.169.254.4" ipv6hint="2a02:1810:4d27:290f::aa01"
>
> I don't get it yet, it looks like you can do the same, using HTTPS
> and SVCB records. What is the difference, since the query replies
> provide identical information?
>
> Thanks for your time and effort
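The quoting rule discussed in this thread (key=value or key="value", but no whitespace around the "="), as an added example that is not part of the thread and not NSD's code. It is a simplified syntax lint for the SvcParams part of an SVCB/HTTPS record; the function names and the lowercase/digit/hyphen key pattern are assumptions of this sketch.

```python
import re

KEY_RE = re.compile(r"[a-z0-9-]+")  # assumed key syntax: lowercase, digits, '-'

def split_params(text):
    """Split on unquoted whitespace; quoted strings and \\-escapes stay intact."""
    tokens, cur, in_quote, i = [], "", False, 0
    while i < len(text):
        c = text[i]
        if c == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]          # keep the escape pair verbatim
            i += 2
            continue
        if c == '"':
            in_quote = not in_quote
        if c.isspace() and not in_quote:
            if cur:
                tokens.append(cur)
                cur = ""
        else:
            cur += c
        i += 1
    if in_quote:
        raise ValueError("unterminated quote")
    if cur:
        tokens.append(cur)
    return tokens

def lint_svcparams(text):
    """Return a list of syntax problems found in an SvcParams string."""
    try:
        tokens = split_params(text)
    except ValueError as exc:
        return [str(exc)]
    problems, seen = [], set()
    for tok in tokens:
        key, _, value = tok.partition("=")
        if not KEY_RE.fullmatch(key):
            # 'key = "value"' splits into 'key', '=', '"value"': two bad tokens
            problems.append(f"bad key in token {tok!r} (whitespace around '='?)")
            continue
        if key in seen:
            problems.append(f"duplicate key {key!r}")
        seen.add(key)
        bare = re.sub(r"\\.", "", value)   # ignore escaped characters
        wrapped = len(bare) >= 2 and bare[0] == bare[-1] == '"' and '"' not in bare[1:-1]
        if '"' in bare and not wrapped:
            problems.append(f"stray quote in value of {key!r}")
    return problems
```

This checks presentation syntax only; querying the loaded record with dig, as in the quoted message, is still the check on what the server actually returns.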