[musl] Feature request: TCP DNS support
Stefan Fröberg
2018-01-04 00:05:06 UTC
Dear Sir

I have managed to compile my own, statically linked, portable little
browser that uses musl and QtWebKit.

Initial tests look good but when testing encrypted DNS-over-TLS (which
needs TCP instead of UDP) with my system,
I could get nowhere.
So I guess musl does not yet support TCP DNS ?

Could you please add support for passing TCP DNS requests too with musl ?

It's all the rage now that Android has added support for it and the
DNS-over-TLS
standard starts to be finished, if not already finished.

Very Best Regards
Stefan Fröberg
Szabolcs Nagy
2018-01-04 00:33:08 UTC
Post by Stefan Fröberg
So I guess musl does not yet support TCP DNS ?
Could you please add support for passing TCP DNS requests too with musl ?
even if musl supported it how would you select this option?
there is no documented interface in the libc to do that.

you can run a local nameserver with whatever configuration
instead and make the libc use that.
Szabolcs Nagy
2018-01-04 00:36:25 UTC
Post by Szabolcs Nagy
Post by Stefan Fröberg
So I guess musl does not yet support TCP DNS ?
Could you please add support for passing TCP DNS requests too with musl ?
even if musl supported it how would you select this option?
there is no documented interface in the libc to do that.
sorry, glibc has a use-vc option in resolv.conf so there is api
for it and in principle musl could support that.
Post by Szabolcs Nagy
you can run a local nameserver with whatever configuration
instead and make the libc use that.
Stefan Fröberg
2018-01-04 12:51:21 UTC
Hello Szabolcs Nagy
Post by Szabolcs Nagy
Post by Szabolcs Nagy
Post by Stefan Fröberg
So I guess musl does not yet support TCP DNS ?
Could you please add support for passing TCP DNS requests too with musl ?
even if musl supported it how would you select this option?
there is no documented interface in the libc to do that.
sorry, glibc has a use-vc option in resolv.conf so there is api
for it and in principle musl could support that.
Yes, I found out that long undocumented glibc option just recently too
and was wondering if
musl has something similar to force TCP DNS mode.


Best regards
Stefan Fröberg
Rich Felker
2018-01-04 01:31:57 UTC
Post by Stefan Fröberg
Dear Sir
I have managed to compile my own, statically linked, portable little
browser that uses musl and QtWebKit.
Initial tests look good but when testing encrypted DNS-over-TLS (which
needs TCP instead of UDP) with my system,
I could get nowhere.
So I guess musl does not yet support TCP DNS ?
Could you please add support for passing TCP DNS requests too with musl ?
It's all the rage now that Android has added support for it and the
DNS-over-TLS
standard starts to be finished, if not already finished.
The supported way to do this with musl is via a nameserver on
localhost responding to udp queries and performing whatever backend
queries you want it to do. This (having a ns on localhost) is
fundamentally necessary for meaningful DNSSEC support anyway, too.

Even if musl did TCP itself, that wouldn't help you get DNS-over-TLS;
for that you would need a TLS stack in libc. And you really don't want
that.

Rich
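
The arrangement described in the message above (a nameserver on localhost that answers UDP queries and does the backend queries itself, so the TLS stack lives outside libc), as an added example that is not code from this thread or from musl. It assumes `/etc/resolv.conf` contains `nameserver 127.0.0.1`; `dns.example.net` is a placeholder upstream and all function names are illustrative.

```python
import socket
import ssl
import struct

UPSTREAM = ("dns.example.net", 853)  # placeholder DoT resolver (assumption); 853 per RFC 7858
LISTEN = ("127.0.0.1", 53)           # what "nameserver 127.0.0.1" in resolv.conf reaches

def frame(msg: bytes) -> bytes:
    """DNS over TCP/TLS carries each message behind a 2-byte big-endian length."""
    if not 12 <= len(msg) <= 0xFFFF:
        raise ValueError("not a plausible DNS message")
    return struct.pack("!H", len(msg)) + msg

def recv_exact(sock, n: int) -> bytes:
    """Stream sockets may return short reads; loop until n bytes arrive."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("upstream closed mid-message")
        buf += chunk
    return buf

def read_framed(sock) -> bytes:
    (length,) = struct.unpack("!H", recv_exact(sock, 2))
    return recv_exact(sock, length)

def exchange(stream, query: bytes) -> bytes:
    """Send one query over an established stream and return the matching reply."""
    stream.sendall(frame(query))
    reply = read_framed(stream)
    if len(reply) < 12 or reply[:2] != query[:2]:  # header is 12 bytes, ID is the first 2
        raise ValueError("reply does not match query ID")
    return reply

def serve() -> None:
    ctx = ssl.create_default_context()  # verifies the certificate chain and the hostname
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(LISTEN)  # port 53 needs root or CAP_NET_BIND_SERVICE
    while True:
        query, client = udp.recvfrom(4096)
        try:
            with socket.create_connection(UPSTREAM, timeout=5) as raw, \
                 ctx.wrap_socket(raw, server_hostname=UPSTREAM[0]) as tls:
                udp.sendto(exchange(tls, query), client)
        except (OSError, ValueError):
            continue  # drop it; the stub resolver retries or times out

if __name__ == "__main__":
    serve()
```
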
Stefan Fröberg
2018-01-04 12:55:54 UTC
Hello Rich
Post by Rich Felker
Post by Stefan Fröberg
Dear Sir
I have managed to compile my own, statically linked, portable little
browser that uses musl and QtWebKit.
Initial tests look good but when testing encrypted DNS-over-TLS (which
needs TCP instead of UDP) with my system,
I could get nowhere.
So I guess musl does not yet support TCP DNS ?
Could you please add support for passing TCP DNS requests too with musl ?
It's all the rage now that Android has added support for it and the
DNS-over-TLS
standard starts to be finished, if not already finished.
The supported way to do this with musl is via a nameserver on
localhost responding to udp queries and performing whatever backend
queries you want it to do. This (having a ns on localhost) is
fundamentally necessary for meaningful DNSSEC support anyway, too.
Even if musl did TCP itself, that wouldn't help you get DNS-over-TLS;
for that you would need a TLS stack in libc. And you really don't want
that.
Rich
Oh, but doesn't OpenSSL handle the encryption, aka TLS part ?
What source files in musl now currently handle the name lookup ?

Best regards
Stefan Fröberg