Connectbyname and the Proxy Control option
- Track: DNS devroom
- Room: UB4.136
- Day: Saturday
- Start: 16:20
- End: 16:45
- Video only: ub4136
- Chat: Join the conversation!
At NLnet Labs, we worked on creating an API and prototype implementation for 'connectbyname', library function that takes as input a (DNS) name and returns a TLS connection. The idea is to work towards a standard API for such a function, that can internally use asynchronous DNS lookups, implement Happy Eyeballs, support DANE, SVCB/HTTPS, encrypted client hello, etc. I will present the various prototype implementation we created.
During this work we found that supporting the many new DNS connection types (DNS over TLS, DNS over HTTPS, DNS over QUIC) from within a library is creating a nu mber of problems. To deal with this problem, we created a new EDNS(0) option called Proxy Control option, that allows stub resolvers to send requirements to a local proxy. I will present this option and how it can help to keep DNS stub resolvers simple.
Speakers
Philip Homburg |