[GH-ISSUE #1489] Having trouble pulling an ECH record #681

Closed
opened 2026-03-15 23:47:48 +03:00 by kerem · 1 comment
Owner

Originally created by @sayrer on GitHub (May 17, 2021).
Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/1489

I have it working well enough to pull what I think is the right SVCB pair, but I'm not sure how to get the value:

use trust_dns_resolver::config::*;
use trust_dns_resolver::Resolver;
use trust_dns_resolver::proto::rr::{RecordType, RData};
use trust_dns_resolver::proto::rr::record_type::RecordType::HTTPS;
use trust_dns_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue};

fn main() {
    let domain = "crypto.cloudflare.com.";
    let dns_config = ResolverConfig::cloudflare_https();
    let opts = ResolverOpts::default();
    let resolver = Resolver::new(dns_config, opts).unwrap();
    let ech_config = lookup(&resolver, domain).unwrap();
    let key = ech_config.0.to_string();
    println!("key: {:?}", key);
    assert_eq!("echconfig", key);
    println!("ech_config: {:?}", ech_config.1);
}

fn lookup(resolver: &Resolver, domain: &str) -> Option<(SvcParamKey, SvcParamValue)> {
    let lookup = resolver.lookup(domain, RecordType::HTTPS).unwrap();
    let record = lookup.record_iter().find(|r| r.rr_type() == HTTPS).map(|r|{
        if let RData::HTTPS(svcb) = r.rdata() {
            Some(svcb.svc_params().iter().find(|sp| {
                sp.0 == SvcParamKey::EchConfig
            }))
        } else {
            None
        }
    }).flatten();

    match record {
        Some(Some(record)) => Some(record.clone()),
        _ => None
    }
}

For comparison, here is some Python that pulls the same record:

#!/usr/bin/env python3

import dns.resolver

resolver = dns.resolver.Resolver(configure=False)
resolver.nameservers = ['1.1.1.1']

answer = resolver.resolve('crypto.cloudflare.com.', 'HTTPS')

print(answer.rrset)

prints

crypto.cloudflare.com. 206 IN HTTPS 1 . alpn="h2" ipv4hint="162.159.135.79,162.159.136.79" echconfig="AEj+CgBE9AAgACCMBzfTBDYU0VvYYRdHVu/aZf0FcvIggfIcwyZGzHjsEwAEAAEAAQAAABNjbG91ZGZsYXJlLWVzbmkuY29tAAA=" ipv6hint="2606:4700:7::a29f:874f,2606:4700:7::a29f:884f"```
Originally created by @sayrer on GitHub (May 17, 2021). Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/1489 I have it working well enough to pull what I think is the right SVCB pair, but I'm not sure how to get the value: ``` use trust_dns_resolver::config::*; use trust_dns_resolver::Resolver; use trust_dns_resolver::proto::rr::{RecordType, RData}; use trust_dns_resolver::proto::rr::record_type::RecordType::HTTPS; use trust_dns_resolver::proto::rr::rdata::svcb::{SvcParamKey, SvcParamValue}; fn main() { let domain = "crypto.cloudflare.com."; let dns_config = ResolverConfig::cloudflare_https(); let opts = ResolverOpts::default(); let resolver = Resolver::new(dns_config, opts).unwrap(); let ech_config = lookup(&resolver, domain).unwrap(); let key = ech_config.0.to_string(); println!("key: {:?}", key); assert_eq!("echconfig", key); println!("ech_config: {:?}", ech_config.1); } fn lookup(resolver: &Resolver, domain: &str) -> Option<(SvcParamKey, SvcParamValue)> { let lookup = resolver.lookup(domain, RecordType::HTTPS).unwrap(); let record = lookup.record_iter().find(|r| r.rr_type() == HTTPS).map(|r|{ if let RData::HTTPS(svcb) = r.rdata() { Some(svcb.svc_params().iter().find(|sp| { sp.0 == SvcParamKey::EchConfig })) } else { None } }).flatten(); match record { Some(Some(record)) => Some(record.clone()), _ => None } } ``` For comparison, here is some Python that pulls the same record: ``` #!/usr/bin/env python3 import dns.resolver resolver = dns.resolver.Resolver(configure=False) resolver.nameservers = ['1.1.1.1'] answer = resolver.resolve('crypto.cloudflare.com.', 'HTTPS') print(answer.rrset) ``` prints ``` crypto.cloudflare.com. 206 IN HTTPS 1 . alpn="h2" ipv4hint="162.159.135.79,162.159.136.79" echconfig="AEj+CgBE9AAgACCMBzfTBDYU0VvYYRdHVu/aZf0FcvIggfIcwyZGzHjsEwAEAAEAAQAAABNjbG91ZGZsYXJlLWVzbmkuY29tAAA=" ipv6hint="2606:4700:7::a29f:874f,2606:4700:7::a29f:884f"```
kerem closed this issue 2026-03-15 23:47:53 +03:00
Author
Owner

@sayrer commented on GitHub (May 17, 2021):

Oh, I see it's being base64 decoded in Trust-Dns. Didn't expect that.

<!-- gh-comment-id:842713573 --> @sayrer commented on GitHub (May 17, 2021): Oh, I see it's being base64 decoded in Trust-Dns. Didn't expect that.
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/hickory-dns#681
No description provided.