Proposal Details

Golang 1.23+ already supports ECH, and the main way to obtain the ECH config list is through DNS. However, there is no query function for HTTPS records (type65) in the net package. For now, we need to manually handle DNS responses.

Type65 does not only include the ECH config list, so the func should return a structure slice containing priority (int), alpn ([]string), ECH config list ([]byte), ipv4hint ([]string)... (others specified in RFC 9460)

Comment From: ianlancetaylor

Can you write down the doc comment and function signature for what you are proposing? Thanks.

Comment From: Fangliding

> Can you write down the doc comment and function signature for what you are proposing? Thanks.

Fine

```go
// LookupHTTPS returns the DNS HTTPS records for the given domain name.
//
// LookupHTTPS uses [context.Background] internally; to specify the context, use
// [Resolver.LookupHTTPS].
func LookupHTTPS(name string) ([]*HTTPSRecord, error) {
}

// An HTTPSRecord represents a single DNS HTTPSRecord record.
type HTTPSRecord struct {
    Priority uint16
    Target   string
    Param    map[string][]string
}
```

Params can be customized, so unlike my previous description, this should be a map.

According to the naming style of other records (MX & NS), HTTPSRecord should be named HTTPS, but this name is quite ambiguous and I don't know how to decide.
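Added example (not part of the original thread, and not Go's or the proposal's code): what manually handling a type-65 response involves today, as a bounds-checked parser for HTTPS RDATA in the RFC 9460 wire format. The names `parseHTTPS` and `Params`, the choice to keep raw parameter bytes keyed by SvcParamKey number, and the sample bytes are assumptions of this example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// HTTPSRecord follows the struct sketched in the thread; raw Params is this example's choice.
type HTTPSRecord struct {
	Priority uint16
	Target   string
	Params   map[uint16][]byte // SvcParamKey -> raw value: 1 alpn, 4 ipv4hint, 5 ech
}

// parseHTTPS decodes one type-65 RDATA (RFC 9460 section 2.2) from untrusted bytes.
func parseHTTPS(b []byte) (*HTTPSRecord, error) {
	bad := errors.New("malformed HTTPS RDATA")
	if len(b) < 2 {
		return nil, bad
	}
	rec := &HTTPSRecord{Priority: binary.BigEndian.Uint16(b), Params: map[uint16][]byte{}}
	var labels []string
	n := -1
	for b = b[2:]; n != 0; b = b[1+n:] { // TargetName: uncompressed labels, root label last
		if len(b) == 0 || b[0] > 63 || len(b) < 1+int(b[0]) {
			return nil, bad // truncated, or a compression pointer
		}
		n = int(b[0])
		labels = append(labels, string(b[1:1+n]))
	}
	rec.Target = strings.Join(labels[:len(labels)-1], ".") + "."
	for last := -1; len(b) > 0; { // SvcParams: key(2) length(2) value(length)
		if len(b) < 4 {
			return nil, bad
		}
		key, n := int(binary.BigEndian.Uint16(b)), int(binary.BigEndian.Uint16(b[2:]))
		if key <= last || len(b) < 4+n {
			return nil, bad // truncated value, or keys not strictly increasing
		}
		rec.Params[uint16(key)] = b[4 : 4+n]
		b, last = b[4+n:], key
	}
	return rec, nil
}

func main() { // constructed sample: priority 1, target ".", alpn h2+h3, ipv4hint, dummy ech
	fmt.Println(parseHTTPS([]byte("\x00\x01\x00\x00\x01\x00\x06\x02h2\x02h3\x00\x04\x00\x04\xc0\x00\x02\x01\x00\x05\x00\x04\xde\xad\xbe\xef")))
}
```

The returned `Params` values alias the input slice, so copy them if the DNS message buffer is reused; `Params[5]` is the ECHConfigList bytes a TLS client would be configured with.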

Comment From: ianlancetaylor

Thanks. I now understand that this is a request to implement RFC 9460. That will require changes in the x/net/dns/dnsmessage package as well. Presumably we should also handle SVCB records.

CC @neild

Comment From: seankhliao

The proposal for dnsmessage is #43790

I think if we add it, it should be a method on Resolver https://pkg.go.dev/net#Resolver. Is it necessary to add a global? I somehow doubt usage will be high enough to justify it.

Comment From: Fangliding

> I think if we add it, it should be a method on Resolver https://pkg.go.dev/net#Resolver. Is it necessary to add a global? I somehow doubt usage will be high enough to justify it.

The lookup method in Resolver seems to be basically the same as the global lookup function, and it's just a function created for the convenience of calling, and there will not be too many differences regardless of the decision.

I just think this function might be a part of ECH support. If others think this is unnecessary or could be merged into that proposal, this issue can be closed.

Comment From: mateusz834

Are these DNS record types directly supported in Windows DNS APIs?

Comment From: mateusz834

Also the name makes me a bit uncomfortable, "https", when I saw the title of this issue I thought that it is something for net/http. This might be a reason not to make it a global function.

Comment From: Fangliding

> Are these DNS record types directly supported in Windows DNS APIs?

Nope, so this will not be supported? Golang seems to get DNS results from the Win API by default.

> Also the name makes me a bit uncomfortable, "https", when I saw the title of this issue I thought that it is something for net/http. This might be a reason not to make it a global function.

Yes, but this is its name((((

Comment From: mateusz834

> Nope, so this will not be supported? Golang seems to get DNS results from the Win API by default.

We can still support it with the pure Go resolver, but it will diverge from other Lookup methods on Windows, where we use the Win APIs. The Go resolver looks for DNS servers configured on network interfaces, so doing so we don't get any local caching (by the OS) (unless it is configured with a local DNS resolver). I don't consider this to be a huge problem (if we only used the Go resolver here), but a small detail that we should be aware of.

CC @qmuntal Are you aware of any APIs that would allow querying such records on Windows platforms? It would be nice if it allowed direct []byte access 😄.

Comment From: qmuntal

> CC @qmuntal Are you aware of any APIs that would allow querying such records on Windows platforms? It would be nice if it allowed direct []byte access 😄.

You can get SVCB/HTTPS DNS records using DnsQuery_W querying the DNS_TYPE_SVCB and DNS_TYPE_HTTPS types (see values here https://github.com/microsoft/win32metadata/blob/a4418f7f3c58becfbb32b448d21ff82023d8bcb9/generation/WinSDK/RecompiledIdlHeaders/shared/windnsdef.h#L223-L226).

The returned records will contain a Svcb data property (source) of type DNS_SVCB_DATA, which also applies to HTTPS records. Looks like this struct has all the necessary information.

Comment From: fortuna

> CC @qmuntal Are you aware of any APIs that would allow querying such records on Windows platforms? It would be nice if it allowed direct []byte access 😄.

It looks like Go already has syscall.DnsQuery on Windows, which is what is used for the TXT record.

It uses DnsQuery_W under the hood.

Comment From: fortuna

In addition to adding support for HTTPS, we should also add support for generic Resource Records, so applications can adopt new RRs without having to wait for the language to add support for the specific RR type.