[Feature Request] Autohints for https #911

Open
Kofl opened this issue Apr 29, 2024 · 5 comments

Comments

@Kofl

Kofl commented Apr 29, 2024

Hi,

it would be awesome if autohints for HTTPS were supported, similar to the PowerDNS idea.

Would increase the DNS resolution speed and at the same time not increase the administrative burden:

www.example.org IN HTTPS 1 . ipv4hint=auto

in the DNS zone resolves in a DNS query to:

www.example.org. 3600 IN HTTPS 1 . ipv4hint=192.0.2.1

Ref: https://doc.powerdns.com/authoritative/guides/svcb.html

Thanks

@ShreyasZare
Member

Thanks for the feature request. Will get that added soon.

@ShreyasZare
Member

I did some analysis on this feature and it seems that it would be difficult to add support for it. The main issue is that since this is a proprietary feature, there is no standard wire format defined for this option. This means the record cannot be serialized to be sent over the wire, and thus it won't work with zone transfers that allow secondary zones to sync records. Even if some proprietary wire format were defined, it would only work with Technitium DNS as the secondary server and would fail to work with other third-party DNS server software.

The other issue with it is that since this feature essentially makes the record dynamic, it creates issues with DNSSEC signing support, as the records are signed in advance. Dynamic record signing (online signing) is not possible with the current DNSSEC implementation.

Also, since the DNS server is already returning A and AAAA records in the additional section, adding the same info as hints would be redundant. The client app will already be processing the additional A and AAAA records since IP hints have lower priority and are only to be used if A or AAAA records were not available immediately.

@Kofl
Author

Kofl commented May 14, 2024

Hi,

thanks for looking into it.

As far as I understand the documentation, for zone transfers they resolve the value and transfer only the resolved record via the zone transfer:
www.example.org. 3600 IN HTTPS 1 . ipv4hint=192.0.2.1

For zone signing, in the end only the real values would be signed, and ipv4hint=auto would never be visible outside to any DNS client / DNS zone transfer?

@ShreyasZare
Member

Thanks for the response. I reread their docs and yes, they resolve the address before writing to the wire, so zone transfer works normally. Not sure how they are doing signing; maybe they have online signing support, which is not available in Technitium DNS.

I guess this can be implemented such that whenever an SVCB/HTTPS record is added/updated, it will check for the relevant A/AAAA records in the zone and update the hints immediately. And when any A/AAAA record is added/updated, it checks to see if there are any SVCB/HTTPS records and then updates the hints. This way it would be possible to sign the records in advance. Will think on this for a while to work out how it could be implemented.
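As an added illustration of the two points raised in this thread (an `auto` token has no wire format, and hints can instead be resolved against the zone's own A/AAAA data at add/update time so the resolved record is what gets transferred and signed), here is a small Python model. It is example code written for this page, not code from Technitium DNS Server, PowerDNS, or either participant; the zone contents, owner names and addresses are constructed, while the SvcParamKey numbers and RDATA layout follow RFC 9460.

```python
"""
Added example (not from Technitium DNS Server, PowerDNS, or this issue's
participants): a minimal model of "ipv4hint=auto" / "ipv6hint=auto".

  1. resolve_auto_hints(): at add/update time, replace an "auto" hint with
     the A/AAAA addresses found at the record's target name in the same
     zone (TargetName "." means the owner name, per RFC 9460).
  2. https_rdata_to_wire(): RFC 9460 wire format for HTTPS/SVCB RDATA. It
     has no encoding for the token "auto", so an unresolved record cannot
     be sent in a zone transfer or signed as-is.
All names and addresses below are constructed for the example.
"""
import ipaddress
import struct

# SvcParamKey numbers from RFC 9460.
SVC_PARAM_KEYS = {"mandatory": 0, "alpn": 1, "no-default-alpn": 2,
                  "port": 3, "ipv4hint": 4, "ech": 5, "ipv6hint": 6}

# Constructed zone: owner name -> {rtype: [rdata, ...]}.
# HTTPS rdata is (SvcPriority, TargetName, {param: value}), "auto" as in the issue.
EXAMPLE_ZONE = {
    "www.example.org.": {
        "A": ["192.0.2.1", "192.0.2.2"],
        "AAAA": ["2001:db8::1"],
        "HTTPS": [(1, ".", {"ipv4hint": "auto", "ipv6hint": "auto"})],
    },
    "svc.example.org.": {"A": ["198.51.100.7"]},
    "alias.example.org.": {
        # Target points at another owner in the same zone.
        "HTTPS": [(1, "svc.example.org.", {"ipv4hint": "auto"})],
    },
}


def resolve_auto_hints(zone, owner):
    """Return the owner's HTTPS records with "auto" hints resolved from the zone.

    The output is what would be stored, signed and served. A hint whose
    target has no matching A/AAAA data is dropped, because RFC 9460 says an
    empty address list in a hint is invalid.
    """
    resolved = []
    for priority, target, params in zone.get(owner, {}).get("HTTPS", []):
        target_owner = owner if target == "." else target
        target_rrsets = zone.get(target_owner, {})
        new_params = {}
        for key, value in params.items():
            if value == "auto" and key in ("ipv4hint", "ipv6hint"):
                addrs = target_rrsets.get("A" if key == "ipv4hint" else "AAAA", [])
                if addrs:
                    new_params[key] = ",".join(addrs)
            else:
                new_params[key] = value
        resolved.append((priority, target, new_params))
    return resolved


def _name_to_wire(name):
    """Uncompressed wire-format domain name (each label 1..63 octets)."""
    if name == ".":
        return b"\x00"
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def https_rdata_to_wire(priority, target, params):
    """RDATA = SvcPriority(2) | TargetName | SvcParams in ascending key order.

    Each SvcParam is key(2) | length(2) | value. ipv4hint/ipv6hint values are
    packed addresses; the string "auto" has no encoding and is rejected.
    """
    wire = struct.pack("!H", priority) + _name_to_wire(target)
    for key, value in sorted(params.items(), key=lambda kv: SVC_PARAM_KEYS[kv[0]]):
        if key in ("ipv4hint", "ipv6hint"):
            if value == "auto":
                raise ValueError(f"{key}=auto has no wire format; resolve it first")
            body = b"".join(ipaddress.ip_address(a).packed for a in value.split(","))
        elif key == "port":
            body = struct.pack("!H", int(value))
        elif key == "alpn":
            body = b"".join(bytes([len(a)]) + a.encode() for a in value.split(","))
        else:
            raise ValueError(f"SvcParam not handled in this example: {key}")
        wire += struct.pack("!HH", SVC_PARAM_KEYS[key], len(body)) + body
    return wire


if __name__ == "__main__":
    for owner in ("www.example.org.", "alias.example.org."):
        for rr in resolve_auto_hints(EXAMPLE_ZONE, owner):
            print(owner, "HTTPS", rr, https_rdata_to_wire(*rr).hex())
```

Running the file prints each resolved HTTPS record with its RDATA in hex. Serialising the unresolved `ipv4hint=auto` form raises instead, which is the earlier comment's point: whatever the zone store holds, only the resolved record can be transferred or signed, so the resolution has to happen (and be re-run when A/AAAA data changes) before either step.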

@Kofl
Author

Kofl commented May 15, 2024

Thanks for sticking to the topic and clarifying the open parts, no hurry from my side. Would be a great addition.
