Support Discovery of Designated Resolvers (RFC9462)
Hi,
I have previously posted a Q&A about DDR support: https://help.nextdns.io/t/h7hcqly/nextdns-will-support-ddr-encrypted-upgrade-to-use-ultralow-server
I suggest that NextDNS support DDR, so that devices/browsers will automatically upgrade to encrypted DNS with ultralow servers when they use a network whose DNS is NextDNS (45.90.28.x/25.90.30.x).
And now DDR is a standard, RFC 9462: https://datatracker.ietf.org/doc/rfc9462/
Currently, NextDNS does not support DDR:
; <<>> DiG 9.16.28 <<>> _dns.resolver.arpa type64 @45.90.28.0
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53899
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_dns.resolver.arpa. IN SVCB
;; AUTHORITY SECTION:
arpa. 2997 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2024070800 1800 900 604800 86400
;; Query time: 57 msec
;; SERVER: 45.90.28.0#53(45.90.28.0)
;; WHEN: Mon Jul 08 14:02:01 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 123
But DNS0.eu already has DDR support:
; <<>> DiG 9.16.28 <<>> _dns.resolver.arpa type64 @193.110.81.0
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2932
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;_dns.resolver.arpa. IN SVCB
;; ANSWER SECTION:
_dns.resolver.arpa. 60 IN SVCB 1 dns0.eu. alpn="h3,h2" port=443 ipv4hint=194.68.44.243,5.181.25.70 ipv6hint=2a03:f80:40:639d::1,2a03:90c0:4c0:2903::49 key7="/"
_dns.resolver.arpa. 60 IN SVCB 1 dns0.eu. alpn="dot,doq" port=853 ipv4hint=194.68.44.243,5.181.25.70 ipv6hint=2a03:f80:40:639d::1,2a03:90c0:4c0:2903::49
;; ADDITIONAL SECTION:
dns0.eu. 60 IN A 194.68.44.243
dns0.eu. 60 IN A 5.181.25.70
dns0.eu. 60 IN AAAA 2a03:f80:40:639d::1
dns0.eu. 60 IN AAAA 2a03:90c0:4c0:2903::49
;; Query time: 201 msec
;; SERVER: 193.110.81.0#53(193.110.81.0)
;; WHEN: Mon Jul 08 14:01:10 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 316
Also, I checked: Google DNS, OpenDNS, Quad9 and Cloudflare DNS all support DDR:
; <<>> DiG 9.16.28 <<>> _dns.resolver.arpa type64 @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40765
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 4
;; QUESTION SECTION:
;_dns.resolver.arpa. IN SVCB
;; ANSWER SECTION:
_dns.resolver.arpa. 86400 IN SVCB 1 dns.google. alpn="dot"
_dns.resolver.arpa. 86400 IN SVCB 2 dns.google. alpn="h2,h3" key7="/dns-query{?dns}"
;; ADDITIONAL SECTION:
dns.google. 86400 IN A 8.8.8.8
dns.google. 86400 IN A 8.8.4.4
dns.google. 86400 IN AAAA 2001:4860:4860::8888
dns.google. 86400 IN AAAA 2001:4860:4860::8844
;; Query time: 66 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Jul 08 13:59:16 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 224
; <<>> DiG 9.16.28 <<>> _dns.resolver.arpa type64 @208.67.220.220
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4387
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1410
;; QUESTION SECTION:
;_dns.resolver.arpa. IN SVCB
;; ANSWER SECTION:
_dns.resolver.arpa. 300 IN SVCB 5 dns.opendns.com. alpn="dot" port=853 ipv4hint=208.67.220.220,208.67.222.222 ipv6hint=2620:119:35::35,2620:119:53::53
_dns.resolver.arpa. 300 IN SVCB 5 dns.umbrella.com. alpn="dot" port=853 ipv4hint=208.67.220.220,208.67.222.222 ipv6hint=2620:119:35::35,2620:119:53::53
_dns.resolver.arpa. 300 IN SVCB 10 dns.opendns.com. alpn="h2" ipv4hint=208.67.220.220,208.67.222.222 ipv6hint=2620:119:35::35,2620:119:53::53 key7="/dns-query{?dns}"
_dns.resolver.arpa. 300 IN SVCB 10 dns.umbrella.com. alpn="h2" ipv4hint=208.67.220.220,208.67.222.222 ipv6hint=2620:119:35::35,2620:119:53::53 key7="/dns-query{?dns}"
_dns.resolver.arpa. 300 IN SVCB 20 doh.opendns.com. alpn="h2" ipv4hint=146.112.41.2 ipv6hint=2620:119:fc::2 key7="/dns-query{?dns}"
_dns.resolver.arpa. 300 IN SVCB 20 doh.umbrella.com. alpn="h2" ipv4hint=146.112.41.2 ipv6hint=2620:119:fc::2 key7="/dns-query{?dns}"
;; Query time: 54 msec
;; SERVER: 208.67.220.220#53(208.67.220.220)
;; WHEN: Mon Jul 08 13:59:44 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 620
; <<>> DiG 9.16.28 <<>> _dns.resolver.arpa type64 @9.9.9.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31720
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 4
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_dns.resolver.arpa. IN SVCB
;; ANSWER SECTION:
_dns.resolver.arpa. 60 IN SVCB 1 dns.quad9.net. alpn="dot" port=853 ipv4hint=9.9.9.9,149.112.112.112 ipv6hint=2620:fe::fe
_dns.resolver.arpa. 60 IN SVCB 2 dns.quad9.net. alpn="h2" port=443 ipv4hint=9.9.9.9,149.112.112.112 ipv6hint=2620:fe::fe key7="/dns-query{?dns}"
;; ADDITIONAL SECTION:
dns.quad9.net. 60 IN A 9.9.9.9
dns.quad9.net. 60 IN A 149.112.112.112
dns.quad9.net. 60 IN AAAA 2620:fe::fe
;; Query time: 49 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Mon Jul 08 14:00:08 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 289
; <<>> DiG 9.16.28 <<>> _dns.resolver.arpa type64 @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45634
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_dns.resolver.arpa. IN SVCB
;; ANSWER SECTION:
_dns.resolver.arpa. 300 IN SVCB 1 one.one.one.one. alpn="h2,h3" port=443 ipv4hint=1.1.1.1,1.0.0.1 ipv6hint=2606:4700:4700::1111,2606:4700:4700::1001 key7="/dns-query{?dns}"
_dns.resolver.arpa. 300 IN SVCB 2 one.one.one.one. alpn="dot" port=853 ipv4hint=1.1.1.1,1.0.0.1 ipv6hint=2606:4700:4700::1111,2606:4700:4700::1001
;; ADDITIONAL SECTION:
one.one.one.one. 300 IN A 1.1.1.1
one.one.one.one. 300 IN A 1.0.0.1
one.one.one.one. 300 IN AAAA 2606:4700:4700::1111
one.one.one.one. 300 IN AAAA 2606:4700:4700::1001
;; Query time: 34 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Jul 08 14:00:48 SE Asia Standard Time 2024
;; MSG SIZE rcvd: 358
Hopefully the NextDNS team will consider this idea. Thanks!
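How a client or an auditor would read the responses above, as an added example that is not part of the original post: it parses dig output for `_dns.resolver.arpa`, treats NXDOMAIN or an empty answer as "no DDR", and lists the advertised encrypted endpoints in SvcPriority order. The function name `parse_ddr` and the sample constants are illustrative; the sample lines are copied from the dig output in the post.

```python
import re
import shlex

# Sample input: status line and SVCB answers copied from the post's dig output.
NEXTDNS = ";; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53899\n"
QUAD9 = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31720
;_dns.resolver.arpa. IN SVCB
_dns.resolver.arpa. 60 IN SVCB 2 dns.quad9.net. alpn="h2" port=443 ipv4hint=9.9.9.9,149.112.112.112 ipv6hint=2620:fe::fe key7="/dns-query{?dns}"
_dns.resolver.arpa. 60 IN SVCB 1 dns.quad9.net. alpn="dot" port=853 ipv4hint=9.9.9.9,149.112.112.112 ipv6hint=2620:fe::fe
"""

# Default ports when the record carries no port= parameter.
DEFAULT_PORT = {"dot": 853, "doq": 853, "h2": 443, "h3": 443}

def parse_ddr(dig_text):
    """Return (rcode, endpoints); endpoints are sorted by SvcPriority."""
    m = re.search(r"status: (\w+)", dig_text)
    rcode = m.group(1) if m else "UNKNOWN"
    endpoints = []
    for line in dig_text.splitlines():
        if line.startswith(";") or " SVCB " not in line:
            continue  # skip comments, the question section and other RR types
        fields = shlex.split(line)  # also strips the quotes around values
        if len(fields) < 6 or fields[0].lower() != "_dns.resolver.arpa.":
            continue
        priority, target, params = int(fields[4]), fields[5], fields[6:]
        if priority == 0:
            continue  # AliasMode record, carries no service parameters
        kv = dict(p.split("=", 1) for p in params if "=" in p)
        # dig 9.16 prints the dohpath parameter (SvcParamKey 7) as key7.
        path = kv.get("dohpath", kv.get("key7"))
        for proto in kv.get("alpn", "").split(","):
            if proto not in DEFAULT_PORT:
                continue  # not an encrypted DNS protocol this sketch knows
            is_doh = proto in ("h2", "h3")
            if is_doh and not path:
                continue  # a DoH endpoint without a path template is unusable
            endpoints.append({
                "priority": priority,
                "proto": proto,
                "host": target.rstrip("."),
                "port": int(kv.get("port", DEFAULT_PORT[proto])),
                "dohpath": path if is_doh else None,
            })
    endpoints.sort(key=lambda e: e["priority"])
    return rcode, endpoints
```

An SVCB answer alone is not enough to upgrade: under RFC 9462 verified discovery, the client also checks that the designated resolver's TLS certificate covers the IP address of the unencrypted resolver it originally queried.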
10 replies
-
Up vote
-
up vote
-
Good Idea
-
up vote
-
great idea
-
Vote idea
-
5 stars!
-
up vote!
-
@BigDargon can you tell which dig commands you used in that case?