[dns-operations] HTTPS record support

Petr Menšík pemensik at redhat.com
Wed Oct 15 15:51:41 UTC 2025


Ah. I did not know getaddrinfo was defined in an RFC.

It is kind of hidden in IPv6 enabling RFC 3493 [1]. I found only IDN 
draft for support in getaddrinfo [2], implemented in glibc already, but 
in IETF it was expired. Original ipv6 WG is concluded and could not be 
reused.

Well yes, if we used some ai_flags to indicate modified structure, it 
could define struct addrinfo2 with more fields. As long as 
freeaddrinfo() function would still free everything it had, it could 
work by having original data at the start.

It could use new ai_protocol constant to request result in DNS wire 
packet data instead of struct sockaddr. There it would contain not only 
missing TTL or SRV priority, but every single detail present in the 
response. Including EDNS0 data if present and interesting to clients. 
Some helper functions could extract minimal TTL, sockaddr structure or 
something similar. For more demanding analysis, libraries like c-ares or 
ldns could be used and format the output in good text way.

When A record is resolved by multiple CNAME follows, application caching 
those records should cache everything separately or should obtain the 
lowest TTL in chain for whole result. Current API does not allow any of 
that. I think browsers fake it some strange ways instead. We should find 
a way to provide them what they need from the system, without doing 
stupid hacks. But I guess that would be for some WG discussion instead.

I do not know about any other system defining something similar. Or even 
pretend their interface would be a good multiplatform standard.

Would you have any recommendation for WG to discuss this? Is add WG good 
choice for it?

Thank you for your help, Mark!

Best Regards,
Petr

1. https://datatracker.ietf.org/doc/html/rfc3493#section-6
2. https://www.ietf.org/archive/id/draft-josefsson-getaddrinfo-idn-00.html

On 14/10/2025 22:14, Mark Andrews wrote:
> Well the structure was designed to be extensible. Those are the minimum elements the structure has to contain.  If you are looking for ABI compliance you would add new stuff at the end.  I would also add flags to signal that  SRV, HTTPS, etc. should be looked up.  That change has to be requested by the application.
>
> This should go through the IETF and then POSIX.  I believe that was the original path getaddrinfo took.
>
> Getting stuff from IETF to POSIX has been problematic. Only half of the IPV6 has made that transition. The advanced half hasn’t been adopted by POSIX.

This does not have any alternative in POSIX I think. If it would pass 
IETF review but not POSIX, we could consider it linux specific API 
anyway. Until someone else arrived with accepted alternative, that would 
be much better than we have now.

-- 
Petr Menšík
Senior Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
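
An added example, not part of the original message and not code from glibc or any other resolver: it sketches the kind of helper the message describes, taking a raw DNS wire response and returning the lowest TTL across the CNAME chain and the final address record. The names `dns_min_answer_ttl`, `skip_name` and `sample_resp` are hypothetical, and the packet bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: www.example.com CNAME web.example.com (TTL 300), then
 * web.example.com A 192.0.2.1 (TTL 60); owner names use compression. */
static const uint8_t sample_resp[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,2, 0,0, 0,0,            /* header: QD=1 AN=2 */
    3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0,1, 0,1,
    0xC0,0x0C, 0,5, 0,1, 0,0,0x01,0x2C, 0,6, 3,'w','e','b', 0xC0,0x10,
    0xC0,0x2D, 0,1, 0,1, 0,0,0x00,0x3C, 0,4, 192,0,2,1 };

/* Offset just past the (possibly compressed) name at off; 0 if malformed. */
static size_t skip_name(const uint8_t *m, size_t len, size_t off) {
    while (off < len) {
        uint8_t l = m[off];
        if (l == 0) return off + 1;                      /* root label */
        /* 0xC0 prefix is a 2-byte pointer; 0x40 and 0x80 are reserved. */
        if (l & 0xC0) return (l & 0xC0) == 0xC0 && off + 2 <= len ? off + 2 : 0;
        off += 1 + (size_t)l;
    }
    return 0;
}

/* Hypothetical helper, not an existing libc call: lowest TTL in the answer
 * section (every CNAME hop plus the final records). 0 = ok, -1 = malformed. */
int dns_min_answer_ttl(const uint8_t *m, size_t len, uint32_t *ttl_out) {
    if (len < 12) return -1;
    unsigned qd = (m[4] << 8) | m[5], an = (m[6] << 8) | m[7];
    size_t off = 12;
    uint32_t min = UINT32_MAX;
    if (an == 0) return -1;
    for (unsigned i = 0; i < qd + an; i++) {
        size_t fixed = i < qd ? 4 : 10;   /* question tail vs. RR fixed part */
        off = skip_name(m, len, off);
        if (off == 0 || len - off < fixed) return -1;
        if (i >= qd) {
            uint32_t ttl = (uint32_t)m[off+4] << 24 | (uint32_t)m[off+5] << 16 |
                           (uint32_t)m[off+6] << 8 | m[off+7];
            size_t rdlen = (size_t)m[off+8] << 8 | m[off+9];
            if (rdlen > len - off - fixed) return -1;    /* truncated RDATA */
            if (ttl < min) min = ttl;
            fixed += rdlen;
        }
        off += fixed;
    }
    *ttl_out = min;
    return 0;
}

/* Exit status 0 when the sample's chain-wide minimum TTL is 60. */
int main(void) { uint32_t t = 0; return dns_min_answer_ttl(sample_resp, sizeof sample_resp, &t) || t != 60; }
```

Every length is checked against the buffer before it is used, so a truncated or hostile response yields -1 instead of an out-of-bounds read.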
