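🌘 RFC 9460 - Service Binding and Parameter Specification via the DNS (SVCB and HTTPS Resource Records)
➤ DNS upgrade: how SVCB and HTTPS records simplify service connections and parameter specification
https://datatracker.ietf.org/doc/html/rfc9460
This RFC introduces the new DNS resource record types SVCB and HTTPS, which are intended to provide more detailed service connection information. SVCB records allow a service to be offered through multiple alternative endpoints, carry parameters such as transport protocol configuration, and are extensible to support future uses (such as keys for encrypting the TLS ClientHello). In addition, SVCB overcomes the limitation of CNAME records on aliasing at the apex domain. The HTTPS record is a specialized version of SVCB for the HTTP protocol. By providing more information before a connection is established, these new records can improve performance and strengthen privacy protection.
+ This update sounds great; hopefully it will speed up the adoption of HTTP/3 and ECH.
+ Glad to see DNS records offering more flexibility, especially for aliasing apex domains.
#DNS #RFC #SVCB #HTTPS #NetworkProtocols #ServiceBinding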
RFC 9460: Service Binding and Parameter Specification via the DNS (SVCB and HTTPS Resource Records)

This document specifies the "SVCB" ("Service Binding") and "HTTPS" DNS resource record (RR) types to facilitate the lookup of information needed to make connections to network services, such as for HTTP origins. SVCB records allow a service to be provided from multiple alternative endpoints, each with associated parameters (such as transport protocol configuration), and are extensible to support future uses (such as keys for encrypting the TLS ClientHello). They also enable aliasing of apex domains, which is not possible with CNAME. The HTTPS RR is a variation of SVCB for use with HTTP (see RFC 9110, "HTTP Semantics"). By providing more information to the client before it attempts to establish a connection, these records offer potential benefits to both performance and privacy.

IETF Datatracker
🚨 BREAKING: #RFC9460 claims to revolutionize the #DNS landscape with #SVCB and #HTTPS records, but spoiler alert—it's just another jargon-filled proposal destined to collect digital dust. 🌐📜 Meanwhile, DNS admins everywhere are thrilled to have more acronyms to ignore. 🙄✨
https://datatracker.ietf.org/doc/html/rfc9460 #DigitalDust #DNSAdmins #HackerNews #ngated
So... I finally took the leap and replaced my internal #dns from #pihole to #Technitium and still do network level ad block and stuff like that.
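🌗 RIP pthread_cancel: libcurl drops the multithreading mechanism used to interrupt getaddrinfo()
➤ Because of memory leak problems, libcurl abandons its strategy of using pthread_cancel() to interrupt DNS resolution
https://eissing.org/icing/posts/rip_pthread_cancel/
In version 8.16.0, libcurl introduced the use of pthread_cancel() to interrupt long-running getaddrinfo() calls, so as to avoid blocking the main thread. However, this mechanism led to memory leaks, because during DNS resolution the step in which getaddrinfo() reads /etc/gai.conf can become a cancellation point, leaking memory that has already been allocated. Although glibc's design does not fully prevent such leaks, the libcurl team still decided to drop pthread_cancel(), accept the delays getaddrinfo() may cause instead, and recommend that users consider c-ares for asynchronous DNS resolution.
+ This really gives one a head
#Networking #DNS #libcurl #Multithreading #pthread_cancel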
RIP pthread_cancel

I posted about adding pthread_cancel use in curl about three weeks ago, we released this in curl 8.16.0 and it blew up right in our faces. Now, with #18540 we are ripping it out again. What happened?

short recap

pthreads define “Cancelation points”, a list of POSIX functions where a pthread may be cancelled. In addition, there is also a list of functions that may be cancelation points, among those getaddrinfo().

getaddrinfo() is exactly what we are interested in for libcurl. It blocks until it has resolved a name. That may hang for a long time and libcurl is unable to do anything else. Meh. So, we start a pthread and let that call getaddrinfo(). libcurl can do other things while that thread runs.

icing's blog

The difference is really incredible.

Since I've had #pihole running here, I can finally see what the individual #devices want to broadcast out into the world.

First place for blocked requests is a #SmartTV, second a #WindowsPC, and trailing far behind in 10th place a #linuxworkstation.

#tracking #blocking #dns #linux

If you don't have a scrollbar on your #dns are you even #selfhosting properly?
Yes, I generally need resolution from a #DNS server.

🤔 A user wonders about the large number of DNS queries from Jellyfin compared with other services such as Qbittorrent and Jellyseerr. They suspect it may be due to metadata or to the Homarr app (a homepage app) using Jellyfin's internal domain.

#Jellyfin #DNS #Homarr #selfhosting #selfhosted #networking

https://www.reddit.com/r/selfhosted/comments/1nffncz/any_idea_why_jellyfin_makes_so_many_dns_queries/

CoreDNS Cache Poisoning Vulnerability - A critical vulnerability in CoreDNS allows attackers with etcd write access to poison DNS caches for years, disrupting service availability and integrity. The flaw misinterprets lease IDs as TTL... #dns #cybersec

https://cyberdigests.com/article/143

Spyware's Shadowy Growth

The global spyware market is rapidly expanding, fueled by a tripling of U.S. investment despite governmental concerns. This growth is accompanied by increasing