On 10 Apr 2024, at 12:47, Alarig Le Lay via dns-operations wrote:

> I don’t know any tool either,

Neither do I.

I have a related question: does anyone know of plans among resolver
developers to implement alias-chasing according to section 4.2 of RFC9460?
In my domestic set-up, which includes BIND named, unbound, and kresd,
I'm not seeing this available yet.

[More about ECH and curl below, in context ...]

> but curl plans to implement it:
> https://curl.se/dev/roadmap.html
>
> the next few years - perhaps
>
> Roadmap of things Daniel Stenberg wants to work on next. It is
[...]
> HTTPS DNS records
>
> As a DNS version of alt-svc and also a pre-requisite for ECH
> (see below).
>
> See: https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-02
>
> ECH (Encrypted Client Hello - formerly known as ESNI)
>
> See Daniel's post on Support of Encrypted SNI on the mailing
> list.
>
> Initial work exists in PR 4011

This PR 4011 was a POC for ESNI, (2019) before it became ECH, so it's
been overtaken by events. It was part of the DEfO project (defo.ie),
which is continuing.

By now, Stephen Farrell has developed ECH support in (his fork of) OpenSSL,
and has implemented ECH support on a number of server codes.

On the client side, he and I have added ECH support to libcurl, and
partial HTTPS RR support into its DoH component. Making ECH work,
rather than checking all the structure of the HTTPS RDATA, has been
our focus.

As of yesterday (https://github.com/niallor/curl/tree/ECH-follow-alias-20240410)
we have alias-following working, but only for the first AliasMode RR;
limited iteration is on the TODO list.

I can't say how soon we'll succeed in having some of this work accepted
upstream; we're at different stages of engagement with a number of
developer teams.

/Niall

_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations