I ended up with error ....
local ffi = require('ffi')
local function DDR_SVCB(state, req)
  local answer = req:ensure_answer()
  if answer == nil then return nil end
  local qry = req:current()
  if qry.stype ~= kres.type.SVCB then
    return state
  end
  ffi.C.kr_pkt_make_auth_header(answer)
  answer:rcode(kres.rcode.NOERROR)
  answer:begin(kres.section.ANSWER)
  local msg = '1 resolver.example. alpn=dot ipv4hint=192.0.2.1 ipv6hint=2001:db8::1'
  answer:put(qry.sname, 900, answer:qclass(), kres.type.SVCB,
    string.char(#msg) .. msg)
  answer:begin(kres.section.ADDITIONAL)
  answer:put(qry.sname, 900, answer:qclass(), kres.type.A,
    kres.str2ip('109.236.119.2'))
  answer:put(qry.sname, 900, answer:qclass(), kres.type.A,
    kres.str2ip('109.236.120.2'))
  answer:put(qry.sname, 900, answer:qclass(), kres.type.AAAA,
    kres.str2ip('2a02:6ca3:0:1::2'))
  answer:put(qry.sname, 900, answer:qclass(), kres.type.AAAA,
    kres.str2ip('2a02:6ca3:0:2::2'))
  return kres.DONE
end
policy.add(policy.domains(DDR_SVCB, policy.todnames({'_testing.domain'})))
It results in:
kdig _testing.domain @109.236.120.2 type64
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 63653
;; Flags: qr aa rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 4
;; QUESTION SECTION:
;; _testing.domain. IN SVCB
;; ANSWER SECTION:
;; WARNING: can't print whole section
;; ADDITIONAL SECTION:
_testing.domain. 900 IN A 109.236.119.2
_testing.domain. 900 IN A 109.236.120.2
_testing.domain. 900 IN AAAA 2a02:6ca3:0:1::2
_testing.domain. 900 IN AAAA 2a02:6ca3:0:2::2
;; Received 202 B
;; Time 2023-02-19 20:01:08 CET
;; From 109.236.120.2@53(UDP) in 0.2 ms
On Sun, 19 Feb 2023 at 18:26, Blažej Krajňák <blazej.krajnak(a)gmail.com> wrote:
Hi there,
I'm trying to implement the SVCB record "_dns.resolver.arpa" for the DDR
mechanism for our AS50242 recursive resolvers.
When I look at the Cloudflare or Google implementation, they also answer
with an "ADDITIONAL SECTION".
kdig _dns.resolver.arpa @8.8.8.8 type64
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 61402
;; Flags: qr aa rd ra; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 4
;; QUESTION SECTION:
;; _dns.resolver.arpa. IN SVCB
;; ANSWER SECTION:
_dns.resolver.arpa. 86400 IN SVCB 1 dns.google. alpn=dot
_dns.resolver.arpa. 86400 IN SVCB 2 dns.google. alpn=h2,h3 key7="/dns-query{?dns}"
;; ADDITIONAL SECTION:
dns.google. 86400 IN A 8.8.8.8
dns.google. 86400 IN A 8.8.4.4
dns.google. 86400 IN AAAA 2001:4860:4860::8888
dns.google. 86400 IN AAAA 2001:4860:4860::8844
In the Knot Resolver documentation there is an example of how to answer
an SVCB request, but without an additional section.
policy.add(
  policy.domains(
    policy.ANSWER(
      { [kres.type.SVCB] = { rdata=kres.parse_rdata({
        'SVCB 1 resolver.example. alpn=dot ipv4hint=192.0.2.1 ipv6hint=2001:db8::1',
        'SVCB 2 resolver.example. mandatory=key65380 alpn=h2 key65380=/dns-query{?dns}',
      }), ttl=5 } }
    ), { todname('_testing.domain') }))
Can anyone help me with how to add an additional section to the answer?
Do we need to use policy.custom_action(state, request)?
Thanks!
Blažej
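
Added example, not part of the original thread and not Knot Resolver code: a stand-alone Python encoder and strict parser for the SVCB RDATA wire layout of RFC 9460 (2-byte priority, uncompressed target name, SvcParams in ascending key order). It shows that a length-prefixed presentation string such as the `string.char(#msg) .. msg` passed to answer:put() in the reply does not parse as SVCB, which is consistent with kdig's "can't print whole section" warning. All function names are assumptions made for this example.

```python
import ipaddress
import struct

def wire_name(name):
    """Encode a domain name as uncompressed wire-format labels."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def encode_svcb(priority, target, alpn=(), ipv4hint=(), ipv6hint=()):
    """SVCB RDATA: 2-byte priority, target name, SvcParams in ascending key order."""
    params = {  # SvcParamKey numbers from RFC 9460
        1: b"".join(bytes([len(a)]) + a.encode("ascii") for a in alpn),    # alpn
        4: b"".join(ipaddress.IPv4Address(a).packed for a in ipv4hint),   # ipv4hint
        6: b"".join(ipaddress.IPv6Address(a).packed for a in ipv6hint),   # ipv6hint
    }
    rdata = struct.pack("!H", priority) + wire_name(target)
    for key in sorted(k for k, v in params.items() if v):
        rdata += struct.pack("!HH", key, len(params[key])) + params[key]
    return rdata

def parse_svcb(rdata):
    """Strict parse of SVCB RDATA; raises ValueError on malformed input."""
    if len(rdata) < 3:
        raise ValueError("RDATA too short")
    (priority,) = struct.unpack_from("!H", rdata)
    pos, labels = 2, []
    while rdata[pos:pos + 1] not in (b"", b"\x00"):
        n = rdata[pos]
        if n > 63 or pos + 1 + n > len(rdata):
            raise ValueError("bad label length in target name")
        labels.append(rdata[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    if pos >= len(rdata):
        raise ValueError("truncated target name")
    pos += 1
    params, last = {}, -1
    while pos < len(rdata):
        if pos + 4 > len(rdata):
            raise ValueError("truncated SvcParam header")
        key, length = struct.unpack_from("!HH", rdata, pos)
        pos += 4
        if key <= last or pos + length > len(rdata):
            raise ValueError("SvcParam out of order or truncated")
        params[key], last = rdata[pos:pos + length], key
        pos += length
    return priority, ".".join(labels) + ".", params

def length_prefixed(msg):
    """Constructed equivalent of the Lua `string.char(#msg) .. msg` above."""
    return bytes([len(msg)]) + msg.encode("ascii")
```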