Support for RFC9463 DNR: DHCP options 144 and 162 for DoH/DoT/DoQ
RFC9463 "DNR" allows DHCP servers to indicate to clients that there are encrypted DNS resolver settings to use.
"RFC9463: DHCP and Router Advertisement Options for the Discovery of Network-designated Resolvers (DNR)" https://datatracker.ietf.org/doc/html/rfc9463
144 OPTION_V6_DNR
162 OPTION_V4_DNR
- https://kea.readthedocs.io/en/kea-2.6.0/arm/dhcp4-srv.html#dnr-discovery-of-network-designated-resolvers-options-for-dhcpv4
- https://kea.readthedocs.io/en/kea-2.6.0/arm/dhcp6-srv.html#dnr-discovery-of-network-designated-resolvers-options-for-dhcpv6 :
The following example shows how to configure more than one ALPN protocol in Service Parameters. The example specifies a resolver known as resolver.example that supports:
- DoT on default port 853
- DoQ on default port 853
- DoH at https://resolver.example/q{?dns}
```
{
    "name": "v6-dnr", // name of the option
    // Note the double backslash-escaped commas in the alpn-id list.
    "data": "150, resolver.example., 2001:db8::1 2001:db8::2, alpn=dot\\,doq\\,h2\\,h3 dohpath=/q{?dns}"
}
```

The above option will be encoded on-wire as follows:
The encoding is similar to DHCPv6 options FWIU:
"Update DNR implementation and docs to be inline with RFC 9463" https://gitlab.isc.org/isc-projects/kea/-/issues/3141 :
send each key=value encoded as key-type (2 octets), len (2 octets), value (variable)
This is basically a very similar encoding to DHCPv6 options. Sadly, there's a list of defined keys with values and some keys (e.g. port conveying uint16) are encoded on 2 octets
I just sent an email to dnsmsq-discuss about this.
Are there already discussions of adding RFC9463 DNR support to dhcpcd?
Does dhcpcd need to parse the options or is that for downstream apps like nmcli to implement instead of e.g. json?
dhcpcd-definitions.conf updated so that the option can be exposed via environment variables.
Then either 20-resolv.conf or a new hook script can be written to do something with the variables.
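For anyone writing such a hook, here is an added example (not dhcpcd, Kea or ISC code) that encodes the Kea sample above into an OPTION_V6_DNR (144) payload and parses it back. The layout follows RFC 9463 section 4.1 (Service Priority, ADN Length, ADN in uncompressed DNS wire format, Addr Length, IPv6 addresses, SvcParams) and the SvcParams wire format of RFC 9460 section 2.2 (key, length, value, keys strictly ascending). The decoder rejects the malformed shapes a hook would otherwise pass straight into resolver configuration: a truncated SvcParam, a `port` value that is not exactly 2 octets, an address block that is not a multiple of 16 octets, and SvcParams without `alpn`. How dhcpcd will name the environment variable carrying the raw option is not known from this thread, so the example works on bytes only.

```python
"""Encode/decode RFC 9463 OPTION_V6_DNR payloads (added example, not project code)."""
import ipaddress
import struct

# SvcParamKey registry values from RFC 9460 used by DNR.
SVC_ALPN, SVC_PORT, SVC_DOHPATH = 1, 3, 7


def encode_adn(name: str) -> bytes:
    """Fully qualified domain name -> uncompressed DNS wire format (RFC 1035 3.1)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)  # root label terminates the name
    return bytes(out)


def decode_adn(buf: bytes) -> str:
    labels, pos = [], 0
    while True:
        if pos >= len(buf):
            raise ValueError("ADN not terminated")
        n = buf[pos]
        pos += 1
        if n == 0:
            break
        if n > 63:  # 0xC0 pointers etc.: DNR forbids compression
            raise ValueError("label length > 63 (compression not allowed)")
        labels.append(buf[pos:pos + n].decode("ascii"))
        pos += n
    if pos != len(buf):
        raise ValueError("trailing bytes after ADN")
    return ".".join(labels) + "."


def encode_svcparams(alpn, dohpath=None, port=None) -> bytes:
    """Each SvcParam: key (2 octets), length (2 octets), value; keys ascending."""
    params = {SVC_ALPN: b"".join(bytes([len(a)]) + a.encode("ascii") for a in alpn)}
    if port is not None:
        params[SVC_PORT] = struct.pack("!H", port)  # uint16, exactly 2 octets
    if dohpath is not None:
        params[SVC_DOHPATH] = dohpath.encode("utf-8")
    return b"".join(struct.pack("!HH", k, len(v)) + v for k, v in sorted(params.items()))


def decode_svcparams(buf: bytes) -> dict:
    out, pos, last_key = {}, 0, -1
    while pos < len(buf):
        if len(buf) - pos < 4:
            raise ValueError("truncated SvcParam header")
        key, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if key <= last_key:
            raise ValueError("SvcParamKeys must be strictly increasing")
        last_key = key
        val = buf[pos:pos + length]
        if len(val) != length:
            raise ValueError("truncated SvcParamValue")
        pos += length
        if key == SVC_ALPN:
            ids, p = [], 0
            while p < len(val):
                n = val[p]
                p += 1
                if p + n > len(val):
                    raise ValueError("truncated alpn-id")
                ids.append(val[p:p + n].decode("ascii"))
                p += n
            out["alpn"] = ids
        elif key == SVC_PORT:
            if length != 2:
                raise ValueError("port must be exactly 2 octets")
            out["port"] = struct.unpack("!H", val)[0]
        elif key == SVC_DOHPATH:
            out["dohpath"] = val.decode("utf-8")
        else:
            out[f"key{key}"] = val  # unknown key: keep raw bytes for the caller
    return out


def encode_v6_dnr(priority: int, adn: str, addrs, **svc) -> bytes:
    adn_w = encode_adn(adn)
    addr_w = b"".join(ipaddress.IPv6Address(a).packed for a in addrs)
    return (struct.pack("!HH", priority, len(adn_w)) + adn_w
            + struct.pack("!H", len(addr_w)) + addr_w + encode_svcparams(**svc))


def decode_v6_dnr(payload: bytes) -> dict:
    priority, adn_len = struct.unpack_from("!HH", payload, 0)
    pos = 4
    adn = decode_adn(payload[pos:pos + adn_len])
    pos += adn_len
    (addr_len,) = struct.unpack_from("!H", payload, pos)
    pos += 2
    if addr_len % 16 or pos + addr_len > len(payload):
        raise ValueError("Addr Length must be a multiple of 16 and fit the option")
    addrs = [str(ipaddress.IPv6Address(payload[i:i + 16])) for i in range(pos, pos + addr_len, 16)]
    pos += addr_len
    svc = decode_svcparams(payload[pos:])
    if svc and "alpn" not in svc:
        raise ValueError("SvcParams present but mandatory alpn missing")
    return {"priority": priority, "adn": adn, "addrs": addrs, "svcparams": svc}


def is_valid_v6_dnr(payload: bytes) -> bool:
    """Hook-script style check: accept or reject without raising."""
    try:
        decode_v6_dnr(payload)
        return True
    except (ValueError, struct.error, UnicodeDecodeError, IndexError):
        return False


# Constructed input mirroring the Kea example above.
KEA_EXAMPLE = encode_v6_dnr(150, "resolver.example.", ["2001:db8::1", "2001:db8::2"],
                            alpn=["dot", "doq", "h2", "h3"], dohpath="/q{?dns}")

if __name__ == "__main__":
    print(KEA_EXAMPLE.hex())
    print(decode_v6_dnr(KEA_EXAMPLE))
```

The byte layout produced for the Kea sample is 2 octets priority (0x0096), 2 octets ADN length (18), the ADN `\x08resolver\x07example\x00`, 2 octets Addr Length (32), two 16-octet addresses, then the SvcParams block of 30 octets (alpn: 4 + 14, dohpath: 4 + 8), 86 octets in total. The DHCPv4 variant (option 162) differs in that ADN Length and Addr Length are single octets and addresses are 4 octets each, so the same SvcParams helpers apply but the outer framing does not.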