caniuse icon indicating copy to clipboard operation
caniuse copied to clipboard
verified publisher icon Fyrd

Add support for DNS RRs, like HTTPS and SVCB

Open GamePad64 opened this issue 4 years ago • 14 comments

So, this is a new standard draft for DNS records, that is meant to be used in browsers. It is just like SRV, but a bit more advanced.

GamePad64 avatar Nov 21 '21 17:11 GamePad64

Got a link to the spec draft or something? :)

Schweinepriester avatar Nov 22 '21 11:11 Schweinepriester

I mean I found https://datatracker.ietf.org/doc/draft-ietf-dnsop-svcb-https/08/. But only those two, type HTTPS as well as SVCB, or more?

https://en.wikipedia.org/wiki/List_of_DNS_record_types has them as well.

Also https://blog.cloudflare.com/speeding-up-https-and-http-3-negotiation-with-dns/ has some background, it appears.

Schweinepriester avatar Nov 30 '21 13:11 Schweinepriester

Oh, sorry for having to look for spec by yourself. Yes, only these two record types are in the works now. HTTPSSVC is just an older alias for HTTPS record.

FF tracking bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1634793 Chromium tracking bug: Implemented and Archived

GamePad64 avatar Nov 30 '21 18:11 GamePad64

Also, shipped in Chrome 96: https://www.chromestatus.com/feature/5485544526053376 And in FF 92: https://www.mozilla.org/en-US/firefox/92.0/releasenotes/

GamePad64 avatar Nov 30 '21 18:11 GamePad64

HTTPS-RR consists of many parts, browsers implement them one by one, it may require lots of works sorting them out.

Chromium never seems to have a tracker for fully implementing HTTPS-RR, in addition to #1052476 (archived for some reason) and #1206455 (HTTP->HTTPS redirect), there are also #1264933 (ECH support) and #1417033 (AliasMode support and ServiceMode target support).

The last one was just opened a day ago, but I personally think it's the most wanted feature.

PaperStrike avatar Feb 18 '23 18:02 PaperStrike

FYI, the draft is now an RFC https://www.rfc-editor.org/rfc/rfc9460.html

I did some research on the adoption of the HTTPS record: https://www.netmeister.org/blog/https-rrs.html

Relevant findings here: Safari seems to support it fully; Firefox supports it fully iff using DoH; Chrome currently only supports the 'ech' field.

Having these records and support for all fields tracked in caiuse.com would be very useful indeed!

jschauma avatar Nov 20 '23 19:11 jschauma

Firefox supports it fully if using DoH

Also for system DNS since Firefox 129: https://www.mozilla.org/en-US/firefox/129.0/releasenotes/

otbutz avatar Aug 07 '24 08:08 otbutz

Not on macOS, though. (The release notes say that, but of course I did just waste a few minutes wondering wtf it wasn't working. ;- )

jschauma avatar Aug 07 '24 20:08 jschauma

@jschauma

Did you enable network.dns.native_https_query in about:config? On Linux, I had to do this.

0x192 avatar Aug 10 '24 11:08 0x192

Showing this as a differentiated feature ("Full SVCB", "SVCB only for XY") is important, because as jschauma pointed out, support is heterogenous, and people looking up just "SVCB support" might be confused when later Chrome users can't connect for lack of port support.

chrysn avatar Sep 04 '24 18:09 chrysn