[dns-operations] HTTPS record support

Joe Abley jabley at strandkip.nl
Tue Sep 9 16:44:16 UTC 2025


Hi,

On 9 Sep 2025, at 16:33, Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:

> On Tue, Sep 09, 2025 at 12:26:44PM +0200, Florian Weimer via dns-operations wrote:
> 
>> From: Florian Weimer <fweimer at redhat.com>
>> Date: Tue, 09 Sep 2025 12:26:44 +0200
>> Subject: HTTPS record support
>> To: dns-operations at dns-oarc.net
>> 
>> I've got an RFE to add HTTPS/SVCB support to glibc's getaddrinfo
>> implementation.
> 
> Why?  It seems an unnatural layer violation.  The IP addresses of a DNS
> name are NOT provided by its HTTPS or SVCB records.

I assume you are saying that "The IP addresses" with a capital The are more general than anything that might be published in the bindings for a particular service, which seems fair.

We have seen lots of HTTP clients connecting to the addresses provided in HTTPS records' ipv4hint and ipv6hint SvcParamKeys, even when they are different from the addresses that would be obtained using QNAME=A or AAAA. (Ordinarily these addresses would all be the same, but there was a situation a while back when they were different, so we noticed.) RFC9460 allows this, even if it advises otherwise with SHOULDs.


Joe
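
Added example (not part of the message above, and not code from any project mentioned in it): a check an operator could run to spot the situation described, where the ipv4hint/ipv6hint addresses in an HTTPS record differ from the A/AAAA answers for the same name. It parses the RFC 9460 RDATA wire format; the function names and the sample RDATA and addresses are constructed for illustration.

```python
import ipaddress
import struct

IPV4HINT, IPV6HINT = 4, 6  # SvcParamKey numbers assigned in RFC 9460

def parse_https_rdata(rdata: bytes):
    """Split HTTPS/SVCB RDATA into (SvcPriority, TargetName, {key: value})."""
    priority = int.from_bytes(rdata[:2], "big")
    pos, labels = 2, []
    while True:  # TargetName is an uncompressed domain name
        if pos >= len(rdata):
            raise ValueError("truncated TargetName")
        n = rdata[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(rdata):
            raise ValueError("bad label length")
        labels.append(rdata[pos:pos + n].decode("ascii", "backslashreplace"))
        pos += n
    params, last_key = {}, -1
    while pos < len(rdata):  # SvcParams: 2-byte key, 2-byte length, value
        if pos + 4 > len(rdata):
            raise ValueError("truncated SvcParam header")
        key, length = struct.unpack_from("!HH", rdata, pos)
        pos += 4
        if key <= last_key or pos + length > len(rdata):
            raise ValueError("SvcParam out of order or truncated")
        params[key], last_key = rdata[pos:pos + length], key
        pos += length
    return priority, ".".join(labels) + ".", params

def hints_not_in_address_records(rdata: bytes, resolved):
    """Return hint addresses absent from the A/AAAA answers in `resolved`."""
    params = parse_https_rdata(rdata)[2]
    hints = set()
    for key, size in ((IPV4HINT, 4), (IPV6HINT, 16)):
        blob = params.get(key, b"")
        if len(blob) % size:
            raise ValueError("hint length is not a multiple of address size")
        hints.update(ipaddress.ip_address(blob[i:i + size])
                     for i in range(0, len(blob), size))
    return hints - {ipaddress.ip_address(a) for a in resolved}

# Constructed sample: priority 1, target ".", alpn=h2, two IPv4 hints, one IPv6 hint
SAMPLE_RDATA = (b"\x00\x01\x00" b"\x00\x01\x00\x03\x02h2"
                b"\x00\x04\x00\x08" + bytes([192, 0, 2, 1, 192, 0, 2, 99]) +
                b"\x00\x06\x00\x10" + ipaddress.ip_address("2001:db8::1").packed)
SAMPLE_A_AAAA = ["192.0.2.1", "2001:db8::1"]  # constructed A/AAAA answers
```

A non-empty result means a client that follows the hints may connect to an address that the A/AAAA records do not publish.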



