[Dnsmasq-discuss] dnsmasq (pihole) caching of HTTPS requested

Simon Kelley simon at thekelleys.org.uk
Thu Jan 19 10:57:46 UTC 2023



On 19/01/2023 10:53, Simon Kelley wrote:
> From a quick scan of the draft, this is not trivial.
> 
> It looks like one form of the record is effectively a re-implementation 
> of CNAME, and all replies have lots of extra processing. It's not simply 
> a case of adding the ability to store a new RRtype in the cache; replies 
> to queries for that type have to include extra records in the additional 
> section. That requires being able to do multiple upstream queries to 
> answer one downstream query, or at least to cache all the results of an 
> upstream query, on the basis that the upstream recursive resolver does 
> the complicated stuff. Neither of these is architecturally possible in 
> the current code. See section 4.2 of the draft for details.
> 

Addendum.

I just looked at the latest draft (11) rather than draft zero which was 
linked here. That makes it clear that the additional processing is 
optional, so simply caching SVCB records might be a usable option.


Opinions? I'm basing this on a 10-minute skim of the draft; does anyone 
have more information?

Simon.

> 
> Cheers,
> 
> Simon.
> 
> On 19/01/2023 00:20, Dan Schaper via Dnsmasq-discuss wrote:
>> HTTPS is a valid resource record type. It's currently in draft status 
>> but it's used in the wild rather frequently.
>>
>> https://developer.mozilla.org/en-US/docs/Glossary/https_rr
>>
>> https://blog.cloudflare.com/speeding-up-https-and-http-3-negotiation-with-dns/
>>
>> Best,
>> Dan
>>
>>
>> ------ Original Message ------
>> From george at high-two.com
>> To "Gary Sakorafas" <gsakorafas at gmail.com>
>> Cc dnsmasq-discuss at lists.thekelleys.org.uk
>> Date 1/18/2023 3:37:54 PM
>> Subject Re: [Dnsmasq-discuss] dnsmasq (pihole) caching of HTTPS requested
>>
>>> HTTPS is not a DNS record, so there is nothing to cache.
>>>
>>> When you reference a URL, an HTTPS record, your system will have to
>>> look up the system name to do that.  That system name is in a DNS A
>>> record (or AAAA if you are using IPv6).
>>>
>>> On Wed, Jan 18, 2023 at 06:24:12PM -0500, Gary Sakorafas wrote:
>>>>  hello team
>>>>
>>>>  I was inquiring about pihole's lack of cache for HTTPS requests and they
>>>>  directed me to you.  As dnsmasq is used by pihole, is it possible to add
>>>>  caching for the HTTPS type?
>>>>
>>>>  *dnsmasq can only cache A, AAAA, CNAME, DS, DNSKEY and SRV. For the three
>>>>  latter it already utilizes blockmemory and I think this should be
>>>>  extendable rather straightforward.*
>>>
>>> -- 
>>> -Mike
>>>  Rident stolidi verba Latina.
>>>                         -Ovid
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>>
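
Added example, not part of the original messages and not dnsmasq code: a bounds-checked walk over SVCB/HTTPS RDATA that tells the CNAME-like alias form from the service form, the kind of check a cache could run before storing the record opaquely. It assumes the draft's RDATA layout (2-byte priority, uncompressed target name, then key/length/value parameters); svcb_classify and svcb_info are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

enum svcb_mode { SVCB_MALFORMED = -1, SVCB_ALIAS = 0, SVCB_SERVICE = 1 };
struct svcb_info {
  uint16_t priority;  /* 0 = alias form, the CNAME-like one */
  size_t target_len;  /* wire length of the target name incl. root label */
  unsigned nparams;   /* parameters present after the name */
};

/* Walk RDATA from an untrusted reply: every length field read from the
   wire is checked against the bytes that actually remain. */
enum svcb_mode svcb_classify(const unsigned char *rd, size_t len,
                             struct svcb_info *out)
{
  size_t p = 2;
  long prev_key = -1;
  if (len < 3) return SVCB_MALFORMED;  /* priority + at least a root label */
  out->priority = (uint16_t)((rd[0] << 8) | rd[1]);
  out->nparams = 0;
  for (;;) {  /* target name: plain labels, compression pointers rejected */
    if (p >= len) return SVCB_MALFORMED;
    unsigned l = rd[p++];
    if (l == 0) break;
    if (l > 63 || l > len - p) return SVCB_MALFORMED;
    p += l;
  }
  out->target_len = p - 2;
  if (out->target_len > 255) return SVCB_MALFORMED;
  while (p < len) {  /* params: key(2) length(2) value, keys increasing */
    if (len - p < 4) return SVCB_MALFORMED;
    long key = (rd[p] << 8) | rd[p + 1];
    size_t vlen = ((size_t)rd[p + 2] << 8) | rd[p + 3];
    p += 4;
    if (key <= prev_key || vlen > len - p) return SVCB_MALFORMED;
    prev_key = key;
    p += vlen;
    out->nparams++;
  }
  return out->priority == 0 ? SVCB_ALIAS : SVCB_SERVICE;
}

int main(void)
{
  /* Constructed sample: priority 1, target ".", alpn (key 1) = "h3". */
  static const unsigned char rd[] = {0, 1, 0, 0, 1, 0, 3, 2, 'h', '3'};
  struct svcb_info i;
  return svcb_classify(rd, sizeof rd, &i) == SVCB_SERVICE ? 0 : 1;
}
```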
