mailing list of musl libc
* Feature request: TCP DNS support
From: Stefan Fröberg @ 2018-01-04  0:05 UTC
  To: musl

Dear Sir

I have managed to compile my own, statically linked, portable little
browser that uses musl and QtWebKit.

Initial tests look good but when testing encrypted DNS-over-TLS (which
needs TCP instead of UDP) with my system,
I could get nowhere.
So I guess musl does not yet support TCP DNS?

Could you please add support for passing TCP DNS requests too with musl?

It's all the rage now that Android has added support for it and the
DNS-over-TLS standard starts to be finished, if not already finished.

Very Best Regards
Stefan Fröberg




* Re: Feature request: TCP DNS support
From: Szabolcs Nagy @ 2018-01-04  0:33 UTC
  To: musl

* Stefan Fröberg <stefan.froberg@petroprogram.com> [2018-01-04 02:05:06 +0200]:
> So I guess musl does not yet support TCP DNS?
> 
> Could you please add support for passing TCP DNS requests too with musl?

even if musl supported it how would you select this option?
there is no documented interface in the libc to do that.

you can run a local nameserver with whatever configuration
instead and make the libc use that.



* Re: Feature request: TCP DNS support
From: Szabolcs Nagy @ 2018-01-04  0:36 UTC
  To: musl

* Szabolcs Nagy <nsz@port70.net> [2018-01-04 01:33:08 +0100]:
> * Stefan Fröberg <stefan.froberg@petroprogram.com> [2018-01-04 02:05:06 +0200]:
> > So I guess musl does not yet support TCP DNS?
> > 
> > Could you please add support for passing TCP DNS requests too with musl?
> 
> even if musl supported it how would you select this option?
> there is no documented interface in the libc to do that.
> 

sorry, glibc has a use-vc option in resolv.conf so there is api
for it and in principle musl could support that.

> you can run a local nameserver with whatever configuration
> instead and make the libc use that.



* Re: Feature request: TCP DNS support
From: Rich Felker @ 2018-01-04  1:31 UTC
  To: musl

On Thu, Jan 04, 2018 at 02:05:06AM +0200, Stefan Fröberg wrote:
> Dear Sir
> 
> I have managed to compile my own, statically linked, portable little
> browser that uses musl and QtWebKit.
> 
> Initial tests look good but when testing encrypted DNS-over-TLS (which
> needs TCP instead of UDP) with my system,
> I could get nowhere.
> So I guess musl does not yet support TCP DNS?
> 
> Could you please add support for passing TCP DNS requests too with musl?
> 
> It's all the rage now that Android has added support for it and the
> DNS-over-TLS standard starts to be finished, if not already finished.

The supported way to do this with musl is via a nameserver on
localhost responding to udp queries and performing whatever backend
queries you want it to do. This (having a ns on localhost) is
fundamentally necessary for meaningful DNSSEC support anyway, too.

Even if musl did TCP itself, that wouldn't help you get DNS-over-TLS;
for that you would need a TLS stack in libc. And you really don't want
that.

Rich
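
Added example, not part of the original message and not musl code: a localhost forwarder of the kind described above, taking UDP queries from the libc resolver and relaying each one over TLS using the two-byte length prefix DNS uses on stream transports. The upstream address, its certificate name and the 512-byte limit for non-EDNS clients are assumptions.

```python
import socket, ssl, struct
# Assumed values, not from the thread: upstream address (TEST-NET-1) and name.
LISTEN = ("127.0.0.1", 53)
UPSTREAM = ("192.0.2.53", 853)        # DNS-over-TLS port
UPSTREAM_NAME = "dot.example"         # name the upstream certificate must match

def recv_exact(stream, n):
    buf = b""
    while len(buf) < n:
        chunk = stream.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("upstream closed mid-message")
        buf += chunk
    return buf

def exchange(stream, query):
    """One query/response over a stream, each with a 2-byte length prefix."""
    stream.sendall(struct.pack("!H", len(query)) + query)
    (length,) = struct.unpack("!H", recv_exact(stream, 2))
    reply = recv_exact(stream, length)
    if length < 12 or reply[:2] != query[:2]:
        raise ValueError("short reply or transaction ID mismatch")
    return reply

def fit_udp(reply, limit=512):
    """Assumes a non-EDNS client: oversized replies become header+question, TC set."""
    if len(reply) <= limit:
        return reply
    end = 12
    while reply[end]:                 # walk the QNAME labels of the one question
        end += 1 + reply[end]
    flags = struct.unpack("!H", reply[2:4])[0] | 0x0200   # TC bit
    # Question ends 5 bytes later: root label, QTYPE, QCLASS.
    return reply[:2] + struct.pack("!HHHHH", flags, 1, 0, 0, 0) + reply[12:end + 5]

def serve():
    ctx = ssl.create_default_context()   # verifies the chain and the hostname
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind(LISTEN)
    while True:
        query, client = udp.recvfrom(512)
        try:
            with socket.create_connection(UPSTREAM, timeout=5) as raw, \
                 ctx.wrap_socket(raw, server_hostname=UPSTREAM_NAME) as tls:
                udp.sendto(fit_udp(exchange(tls, query)), client)
        except (OSError, ValueError, IndexError):
            continue                     # drop it; the libc resolver retries

if __name__ == "__main__":
    serve()
```

With this listening, /etc/resolv.conf needs only `nameserver 127.0.0.1`; binding port 53 requires privilege.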



* Re: Feature request: TCP DNS support
From: Stefan Fröberg @ 2018-01-04 12:51 UTC
  To: Szabolcs Nagy; +Cc: musl

Hello Szabolcs Nagy


Szabolcs Nagy wrote on 04.01.2018 at 02:36:
> * Szabolcs Nagy <nsz@port70.net> [2018-01-04 01:33:08 +0100]:
>> * Stefan Fröberg <stefan.froberg@petroprogram.com> [2018-01-04 02:05:06 +0200]:
>>> So I guess musl does not yet support TCP DNS?
>>>
>>> Could you please add support for passing TCP DNS requests too with musl?
>> even if musl supported it how would you select this option?
>> there is no documented interface in the libc to do that.
>>
> sorry, glibc has a use-vc option in resolv.conf so there is api
> for it and in principle musl could support that.
>
>
Yes, I found out that long undocumented glibc option just recently too
and was wondering if musl has something similar to force TCP DNS mode.


Best regards
Stefan Fröberg





* Re: Feature request: TCP DNS support
From: Stefan Fröberg @ 2018-01-04 12:55 UTC
  To: Rich Felker; +Cc: musl

Hello Rich


Rich Felker wrote on 04.01.2018 at 03:31:
> On Thu, Jan 04, 2018 at 02:05:06AM +0200, Stefan Fröberg wrote:
>> Dear Sir
>>
>> I have managed to compile my own, statically linked, portable little
>> browser that uses musl and QtWebKit.
>>
>> Initial tests look good but when testing encrypted DNS-over-TLS (which
>> needs TCP instead of UDP) with my system,
>> I could get nowhere.
>> So I guess musl does not yet support TCP DNS?
>>
>> Could you please add support for passing TCP DNS requests too with musl?
>>
>> It's all the rage now that Android has added support for it and the
>> DNS-over-TLS standard starts to be finished, if not already finished.
> The supported way to do this with musl is via a nameserver on
> localhost responding to udp queries and performing whatever backend
> queries you want it to do. This (having a ns on localhost) is
> fundamentally necessary for meaningful DNSSEC support anyway, too.
>
> Even if musl did TCP itself, that wouldn't help you get DNS-over-TLS;
> for that you would need a TLS stack in libc. And you really don't want
> that.
>
> Rich

Oh, but doesn't OpenSSL handle the encryption, aka TLS part?
What source files in musl now currently handle the name lookup?

Best regards
Stefan Fröberg
 


