[Dnsmasq-discuss] dnsmasq (pihole) caching of HTTPS requested

Simon Kelley simon at thekelleys.org.uk
Thu Jan 19 10:53:14 UTC 2023


From a quick scan of the draft, this is not trivial.

It looks like one form of the record is effectively a re-implementation 
of CNAME, and all replies have lots of extra processing. It's not simply 
a case of adding the ability to store a new RRtype in the cache; replies 
to queries for that type have to include extra records in the additional 
section. That requires being able to do multiple upstream queries to 
answer one downstream query, or at least to cache all the results of an 
upstream query, on the basis that the upstream recursive resolver does 
the complicated stuff. Neither of these is architecturally possible in 
the current code. See section 4.2 of the draft for details.


Cheers,

Simon.

On 19/01/2023 00:20, Dan Schaper via Dnsmasq-discuss wrote:
> HTTPS is a valid resource record type. It's currently in draft status 
> but it's used in the wild rather frequently.
> 
> https://developer.mozilla.org/en-US/docs/Glossary/https_rr
> 
> https://blog.cloudflare.com/speeding-up-https-and-http-3-negotiation-with-dns/
> 
> Best,
> Dan
> 
> 
> ------ Original Message ------
> From george at high-two.com
> To "Gary Sakorafas" <gsakorafas at gmail.com>
> Cc dnsmasq-discuss at lists.thekelleys.org.uk
> Date 1/18/2023 3:37:54 PM
> Subject Re: [Dnsmasq-discuss] dnsmasq (pihole) caching of HTTPS requested
> 
>> HTTPS is not a DNS record, so there is nothing to cache.
>>
>> When you reference a URL, an HTTPS record, your system will have to
>> look up the system name to do that.  That system name is in a DNS A
>> record (or AAAA if you are using IPv6).
>>
>> On Wed, Jan 18, 2023 at 06:24:12PM -0500, Gary Sakorafas wrote:
>>>  hello team
>>>
>>>  I was inquiring about pihole's lack of cache for HTTPS requests and they
>>>  directed me to you.  As dnsmasq is used by pihole, is it possible to add
>>>  caching for the HTTPS type?
>>>
>>>  *dnsmasq can only cache A, AAAA, CNAME, DS, DNSKEY and SRV. For the three
>>>  latter it already utilizes blockmemory and I think this should be
>>>  extendable rather straightforward.*
>>
>> -- 
>> -Mike
>>  Rident stolidi verba Latina.
>>                         -Ovid
> 
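
The extra processing described in the reply at the top of this message, as an added example that is not part of the original thread or of dnsmasq's code: a minimal decoder for HTTPS (type 65) RDATA that lists the further lookups needed to fill the additional section. The function names, the sample bytes and the simplified follow-up logic are assumptions, based on the SVCB/HTTPS specification (published after this thread as RFC 9460).

```python
import struct
# SvcParamKey numbers registered by the SVCB/HTTPS specification (RFC 9460).
SVC_PARAM_NAMES = {0: "mandatory", 1: "alpn", 2: "no-default-alpn", 3: "port",
                   4: "ipv4hint", 5: "ech", 6: "ipv6hint"}
# Constructed sample RDATA: an alias record and a service record (alpn, ipv4hint).
SAMPLE_ALIAS = b"\x00\x00\x03svc\x07example\x03net\x00"
SAMPLE_SERVICE = b"\x00\x01\x00\x00\x01\x00\x06\x02h2\x02h3\x00\x04\x00\x04\xc0\x00\x02\x01"

def read_name(buf, off):
    """Read an uncompressed domain name (TargetName is never compressed)."""
    labels = []
    while True:
        if off >= len(buf):
            raise ValueError("truncated name")
        n = buf[off]
        off += 1
        if n == 0:
            return ".".join(labels) + ".", off  # empty label list is the root "."
        if n > 63 or off + n > len(buf):
            raise ValueError("bad label length")
        labels.append(buf[off:off + n].decode("ascii"))
        off += n

def parse_https_rdata(rdata):
    """Decode HTTPS RDATA into (SvcPriority, TargetName, SvcParams)."""
    if len(rdata) < 3:
        raise ValueError("RDATA too short")
    (priority,) = struct.unpack_from("!H", rdata, 0)
    target, off = read_name(rdata, 2)
    params = {}
    while off < len(rdata):
        if off + 4 > len(rdata):
            raise ValueError("truncated SvcParam header")
        key, length = struct.unpack_from("!HH", rdata, off)
        off += 4
        if off + length > len(rdata):
            raise ValueError("truncated SvcParam value")
        params[SVC_PARAM_NAMES.get(key, f"key{key}")] = rdata[off:off + length]
        off += length
    return priority, target, params

def follow_ups(owner, rdata):
    """Lookups still needed before the additional section can be filled."""
    priority, target, _ = parse_https_rdata(rdata)
    if priority == 0:  # AliasMode: CNAME-like; "." means no service
        if target == ".":
            return []
        return [(target, "HTTPS"), (target, "A"), (target, "AAAA")]
    name = owner if target == "." else target  # ServiceMode: "." means the owner name
    return [(name, "A"), (name, "AAAA")]
```

Every tuple returned by `follow_ups` is another upstream query, or another cached answer, that a single downstream HTTPS query depends on.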


