SVCB/HTTPS vs. getaddrinfo: how to merge?

2024-12-25 Thread Peter 'PMc' Much 
Folks,

  recent messages here mentioned some HTTPS and SVCB RRs.

This is completely news to me, so I gave it some read.
Then I found that these new tools are supposed to provide (IPv4 and
IPv6) addresses, which seems to me as rather strange from a
logical viewpoint.

Normally, the addresses to be used are provided by 'getaddrinfo',
which in turn gets substantial information from /etc/ip6addrctl.conf
(RFC 3484), which describes the client's physical connectivity
(e.g. which destinations can be reached from which subnets).

So I am wondering how this is supposed to interact. 

cheerio,
PMc
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: cname for apex record

2024-12-25 Thread Jan Schaumann via bind-users 
Mark Andrews  wrote:

> As for browser support Safari added HTTPS record support years ago (~2020).
> 
> Mozilla finally removed the restriction of only looking up HTTPS records via 
> DoH in release 129.0.
> 
> Chrome added support in 2021.

Well, "support" here means different things, though.
In my experimentation, I've found that some browsers
only support some features of the HTTPS records.

See e.g.:

https://issues.chromium.org/issues/40937306
https://bugzilla.mozilla.org/show_bug.cgi?id=1869075

AFAIU, Chrome is primarily (only? at this time?)
interested in using HTTPS records for ECH, which last
I checked (about 6 months ago or so), Safari at least
didn't support.

Honoring of alpn, port, and the behavior of handling
chains in alias mode, or how to behave if an alias
doesn't have A/ records etc. all is also still
very much hit or miss, I've found.

> Searching for information about which browsers support it is problematic 
> because DNS and HTTPS are used together for different things.

Yeah.  Having SVCB/HTTPS support in caniuse.com would
be useful:

https://github.com/Fyrd/caniuse/issues/6091

-Jan
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users