The encoding is similar to DHCPv6 options FWIU:

"Update DNR implementation and docs to be inline with RFC 9463"
https://gitlab.isc.org/isc-projects/kea/-/issues/3141 :

> send each key=value encoded as key-type (2 octets), len (2 octets), value 
> (variable)
>
> This is basically a very similar encoding to DHCPv6 options. Sadly, there's a 
> list of defined keys with values and some keys (e.g. port conveying uint16) 
> is encoded on 2 octet

Would there need to be an additional configuration structure for dnsmasq,
or just strings like this from their docs:
>   "data": "150, resolver.example., 2001:db8::1 2001:db8::2, 
> alpn=dot\\,doq\\,h2\\,h3 dohpath=/q{?dns}"
>  // Note the double backslash-escaped commas in the alpn-id list.


On Fri, Jul 19, 2024 at 11:44 PM Wes Turner <wes.tur...@gmail.com> wrote:
>
> "RFC9463: DHCP and Router Advertisement Options for the Discovery of
> Network-designated Resolvers (DNR)"
> https://datatracker.ietf.org/doc/html/rfc9463
>
> 144     OPTION_V6_DNR
> 162     OPTION_V4_DNR
>
> https://kea.readthedocs.io/en/kea-2.6.0/arm/dhcp4-srv.html#dnr-discovery-of-network-designated-resolvers-options-for-dhcpv4
>
> https://kea.readthedocs.io/en/kea-2.6.0/arm/dhcp6-srv.html#dnr-discovery-of-network-designated-resolvers-options-for-dhcpv6
> :
>
> """
> The following example shows how to configure more than one ALPN
> protocol in Service Parameters. The example specifies a resolver known
> as resolver.example that supports:
>
> - DoT on default port 853
> - DoQ on default port 853
> - DoH at https://resolver.example/q{?dns}
>
> {
>   "name": "v6-dnr", // name of the option
>
>   // Note the double backslash-escaped commas in the alpn-id list.
>   "data": "150, resolver.example., 2001:db8::1 2001:db8::2,
> alpn=dot\\,doq\\,h2\\,h3 dohpath=/q{?dns}"
> }
>
> The above option will be encoded on-wire as follows:
> """
>
> Are there already discussions of adding DoH / DoT / DoQ support to
> dnsmasq? Is it more than adding an openssl dependency?
>
> Are there already discussions of adding RFC9463 DNR support to dnsmasq?
>
> RFC9463 "DNR" allows DHCP servers to indicate to clients that there
> are encrypted DNS resolver settings to use.

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
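
An added example, not part of the thread and not Kea or dnsmasq code: a sketch of how the one-line "data" string from the Kea docs maps onto OPTION_V6_DNR (144) bytes, with SvcParams written as key (2 octets), len (2 octets), value. The function names are hypothetical; the field layout follows RFC 9463 and the SvcParamKey numbers and ascending key order follow RFC 9460/9461. Only the full form (ADN, addresses and SvcParams all present) is handled.

```python
import ipaddress
import re
import struct

OPTION_V6_DNR = 144  # option code from RFC 9463, as listed in the thread
# SvcParamKey numbers from the IANA SVCB registry (RFC 9460, RFC 9461).
SVC_KEYS = {"alpn": 1, "port": 3, "dohpath": 7}

def encode_name(name):
    """Uncompressed DNS wire format: length-prefixed labels, then the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def encode_svc_value(key, text):
    if key == "alpn":  # list of ALPN ids, each prefixed with a 1-octet length
        ids = [a.encode("ascii") for a in text.split("\\,")]
        return b"".join(bytes([len(a)]) + a for a in ids)
    if key == "port":  # uint16 in network byte order
        return struct.pack("!H", int(text))
    return text.encode("utf-8")  # dohpath: URI template as UTF-8

def encode_svc_params(text):
    """key=value pairs -> key (2 octets), len (2 octets), value, ascending key order."""
    pairs = dict(item.split("=", 1) for item in text.split())
    out = b""
    for key in sorted(pairs, key=SVC_KEYS.__getitem__):  # unknown key -> KeyError
        value = encode_svc_value(key, pairs[key])
        out += struct.pack("!HH", SVC_KEYS[key], len(value)) + value
    return out

def encode_v6_dnr(data):
    """Encode a Kea-style 'priority, ADN, addresses, SvcParams' string as option 144."""
    # Split on commas that are not backslash-escaped (the alpn list keeps its own).
    fields = [f.strip() for f in re.split(r"(?<!\\),", data)]
    priority, adn, addrs, svc = fields
    name = encode_name(adn)
    addr_bytes = b"".join(ipaddress.IPv6Address(a).packed for a in addrs.split())
    body = struct.pack("!HH", int(priority), len(name)) + name
    body += struct.pack("!H", len(addr_bytes)) + addr_bytes + encode_svc_params(svc)
    return struct.pack("!HH", OPTION_V6_DNR, len(body)) + body

# The "data" string from the Kea docs quoted above, after JSON unescaping (\\, -> \,).
SAMPLE = r"150, resolver.example., 2001:db8::1 2001:db8::2, alpn=dot\,doq\,h2\,h3 dohpath=/q{?dns}"
```

`encode_v6_dnr(SAMPLE).hex()` gives the on-wire option for comparison against a packet capture from a server that already implements DNR.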