[PR #2183] [MERGED] SVCB/HTTPS RFC updates, ECH config tweaks #2867

Closed
opened 2026-03-16 11:12:31 +03:00 by kerem · 0 comments

📋 Pull Request Information

Original PR: https://github.com/hickory-dns/hickory-dns/pull/2183
Author: @cpu
Created: 4/15/2024
Status: Merged
Merged: 4/18/2024
Merged by: @djc

Base: main ← Head: cpu-svcb-updates_dev


📝 Commits (10+)

  • 0190b08 ci: offer a branch push pattern for easy testing
  • 745bf13 svcb: update docs to ref RFC 9460
  • 381a084 proto: correct ECH service parameter key
  • 606dd36 rdata_parsers: reorder svcb parse helpers
  • 658b02e proto: rename ECH SVCB types
  • 4d7435c rdata: store wire-encoded form of ECH configs
  • 7022955 rdata_parsers: support quoted SVCB parameter values
  • 2cc190a rdata_parsers: add RFC 9460 test vectors
  • 832a8be proto: fix parse of arbitrary keys in pres. syntax
  • 1f846a1 rdata_parsers: fix handling of escaped list delim

📊 Changes

3 files changed (+464 additions, -255 deletions)

📝 .github/workflows/test.yml (+1 -0)
📝 crates/proto/src/rr/rdata/svcb.rs (+172 -173)
📝 crates/proto/src/serialize/txt/rdata_parsers/svcb.rs (+291 -82)

📄 Description

This branch brings in some changes I've found helpful while working on client ECH support downstream in Rustls.

  • Updates SVCB/HTTPS related code to cite RFC 9460. Existing text that was copied from an earlier draft is updated with the matching RFC text.
  • Corrects the ECH service parameter key: RFC 9460 specifies using "ech", whereas hickory was using "echconfig".
  • Renames the ECH SVCB/HTTPS types from EchConfig to EchConfigList to better emphasize that the returned value's wire-encoding is a TLS-encoded ECHConfigList, as specified in draft-ietf-tls-esni-18 §4.
  • Switches the held representation of the EchConfigList to be the wire-encoding, removing pre-processing that stripped the TLS encoded list length prefix. Downstream users will have an easier time with this based on existing TLS list decoding capabilities inherent to a TLS implementation. Similarly, the BASE64 presentation format is updated to encode the wire-encoded value with the prefixed length. This matches what tools like dig render for what some public implementations have published in DNS.
  • Fixes support for quoted parameter values.
  • Adds RFC 9460 presentation format test vectors, parsing coverage.
  • Fixes parsing of keys in arbitrary numeric key format.
  • Fixes parsing of lists containing an escaped list delimiter.

I haven't attempted to offer backwards compatible options based on the earlier draft content. I think that it's probably not worthwhile based on the very early state of ECH support broadly.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
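
The length-prefixed wire form that the description says is now stored can be walked with ordinary TLS vector decoding. The following is an added example, not code from hickory-dns or Rustls: it follows the ECHConfigList layout in draft-ietf-tls-esni §4 (u16 list length, then ECHConfig entries of u16 version, u16 length, contents), and the function names, error type and SAMPLE bytes are constructed for illustration.

```rust
// Added example (hypothetical names): split a wire-encoded ECHConfigList
// into (version, contents) pairs, rejecting inconsistent length fields.

#[derive(Debug, PartialEq)]
pub enum EchListError { Truncated, LengthMismatch, TooShort }

// Constructed sample: two entries, total list length 12 (0x000c).
pub const SAMPLE: [u8; 14] = [
    0x00, 0x0c,                                 // ECHConfigList length prefix
    0xfe, 0x0d, 0x00, 0x03, 0x01, 0x02, 0x03,   // version 0xfe0d, 3 opaque bytes
    0x12, 0x34, 0x00, 0x01, 0xff,               // unknown version, 1 opaque byte
];

/// Read a big-endian u16 at `pos`, failing if the buffer ends first.
fn read_u16(buf: &[u8], pos: usize) -> Result<usize, EchListError> {
    match buf.get(pos..pos + 2) {
        Some(b) => Ok(u16::from_be_bytes([b[0], b[1]]) as usize),
        None => Err(EchListError::Truncated),
    }
}

/// Return (version, contents) for every ECHConfig in the list. Contents stay
/// opaque so entries with unknown versions can be skipped by the caller.
pub fn split_ech_config_list(wire: &[u8]) -> Result<Vec<(u16, &[u8])>, EchListError> {
    let list_len = read_u16(wire, 0)?;
    // The prefix must describe exactly the bytes that follow it.
    if list_len != wire.len() - 2 {
        return Err(EchListError::LengthMismatch);
    }
    // ECHConfigList<4..2^16-1>: at least one version + length header.
    if list_len < 4 {
        return Err(EchListError::TooShort);
    }
    let (mut out, mut pos) = (Vec::new(), 2);
    while pos < wire.len() {
        let version = read_u16(wire, pos)? as u16;
        let len = read_u16(wire, pos + 2)?;
        let body = wire.get(pos + 4..pos + 4 + len).ok_or(EchListError::Truncated)?;
        out.push((version, body));
        pos += 4 + len;
    }
    Ok(out)
}

fn main() {
    println!("{:?}", split_ech_config_list(&SAMPLE));
    // A value with the list prefix stripped fails the length check.
    println!("{:?}", split_ech_config_list(&SAMPLE[2..]));
}
```

A value whose list prefix has been stripped fails the length check here, because its first two bytes are read as the list length.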
