diff --git a/data-formats/df-002-dnst.md b/data-formats/df-002-dnst.md index 61c6af48..3280697c 100644 --- a/data-formats/df-002-dnst.md +++ b/data-formats/df-002-dnst.md @@ -159,13 +159,14 @@ the name because we changed our way of representing getaddrinfo-like resolutions ```JavaScript { - // fields currently used as 2022-09-08 + // fields currently used as 2025-01-31 "answer_type": "AAAA", "asn": 13335 "as_org_name": "Cloudflare, Inc." "hostname": "", "ipv4": "1.1.1.1", "ipv6": "", + "svcb": null, "ttl": null, // specified but unused or deprecated fields @@ -180,9 +181,9 @@ the name because we changed our way of representing getaddrinfo-like resolutions - `answer_type`: (`string`) like `Query.query_type`. -- `asn`: (`int`) the Authonomous System Number of the returned ipv4 or ipv6 address. +- `asn`: (`int`) the Autonomous System Number of the returned ipv4 or ipv6 address. -- `as_org_name`: (`int`) the Authonomous System organisation name of the returned ipv4 or ipv6 address. +- `as_org_name`: (`string`) the Autonomous System organisation name of the returned ipv4 or ipv6 address. - `expiration_limit` (`string`; only for SOA answers): the time after which this zone should no longer be authoritative. @@ -211,8 +212,35 @@ that should be elapsed before the zone should be retried in case of failure. - `serial_number` (`int`; only for SOA answers): version number of the original copy of the zone. +- `svcb`: (`map[string]string`; only for SCVB answers): the SVCB record, see below. + - `ttl` (`int`; nullable): the TTL if known, otherwise `null`. +### SVCB answer + +Answers with the SVCB record contain the `svcb` key that is an object like this: + +```Javascript +{ + "priority": 1, + "target_name": "dns.quad9.net.", + "params": { + "alpn": "h2", + "dohpath": "/dns-query{?dns}", + "ipv4hint": "9.9.9.9,149.112.112.112", + "ipv6hint": "2620:fe::fe", + "port": "443" + } +} +``` +The svcb object follows the SVCB specifation in RFC9460. + +- `priority`: (`string`) The SvcPriority + +- `target_name`: (`string`) The TargetName as it appears in the record. + +- `params`: (`map[string]string`) The SvcParams, as a map from string to string. + ## Example In the following example we've omitted all the keys that are diff --git a/nettests/ts-041-ddr.md b/nettests/ts-041-ddr.md new file mode 100644 index 00000000..03cefa60 --- /dev/null +++ b/nettests/ts-041-ddr.md @@ -0,0 +1,158 @@ +# Specification version number + +2025-01-21-000 + +* _status_: experimental + +# Specification name + +ddr + +# Test preconditions + +* An internet connection + +# Expected impact + +Query the DDR protocol at the local recursive resolver, thus gathering information about DoE services in designated resolvers available and suggested to the user. + +# Expected inputs + +This experiment does not require inputs. It will by default query the system-configured recursive resolver. On Linux systems, this is the recursive resolver that is configured in the `/etc/resolve.conf` file. + +This experiment can be configured to use a custom resolver. In this case, this resolver will be used. In this case the CustomResolver configuration property must be set to a domain or and IP-address, optionally providing a port. When no port is supplied, the default DNS port of 53 is used. + +# Test description + +The DDR (Discovery of Designated Resolvers) protocol is used for client to establish the connection to a encrypted DNS resolver. In most cases, DNS queries from the client are not configured with encryption by default, such as when only an IP is supplied by DHCP. With DDR a client can query a DNS recursive resolver for designated resolvers (encrypted resolvers). The recursive resolver will respond with a list of designated resolvers with their supported protocols. + +This experiment issues such a DDR query and reports the result. + +# Expected output + +## Semantics + +The `test_keys` key of the measurement has such a structure: + +```JSON +{ + "queries": [], + "supports_ddr": false, + "failure": null +} +``` + +The `supports_ddr` key is set to `true` only when the resolver returned a valid DDR response. It does not provide information about wether the designated resolver are valid. + +The key `queries` follows the df-002-dnst format, with `svcb` key filled with the ddr responses. + +A svcb record in an answer of the queries object looks like this: + +```JSON +{ + "priority": 1, + "target_name": "one.one.one.one.", + "params":{ + "alpn":"h2,h3", + "dohpath":"/dns-query{?dns}", + "ipv4hint":"1.1.1.1,1.0.0.1", + "ipv6hint":"2606:4700:4700::1111,2606:4700:4700::1001", + "port":"443" + } +} +``` + +The priority and target_name keys are directly from the SVCB record, where priority specifies the priority among the records at which use this record and target specifies the designated resolver. The key `params` is a map from string to string, that includes the keys that were specified for the SVCB record. +In the case of this example, the `params` map includes this information: + +- `alpn`: The protocol this designated resolver uses, so in this case HTTP2 or HTTP3 for DNS over HTTPS +- `dohpath`: How the URL needs to be constructed to send a DoH query to the designated resolver. +- `ipv4hint`: How to reach the resolver via IPv4 +- `ipv6hint`: How to reach the resolver via IPv6 +- `port`: The port at which to reach the resolver + +## Example output sample + +```JSON + +{ + "annotations": { + "architecture": "amd64", + "engine_name": "ooniprobe-engine", + "engine_version": "3.25.0-alpha", + "go_version": "go1.22.2", + "platform": "linux", + "vcs_modified": "true", + "vcs_revision": "8ddec182caff7c1f9d49aa76a69d2fd10733e613", + "vcs_time": "2024-12-19T14:59:47Z", + "vcs_tool": "git" + }, + "data_format_version": "0.2.0", + "input": null, + "measurement_start_time": "2025-01-31 09:58:28", + "probe_asn": "AS3320", + "probe_cc": "DE", + "probe_ip": "127.0.0.1", + "probe_network_name": "Deutsche Telekom AG", + "report_id": "20250131T095828Z_ddr_DE_3320_n1_tNwEDtCeE2KK3ZGS", + "resolver_asn": "AS42", + "resolver_ip": "74.63.24.222", + "resolver_network_name": "WoodyNet, Inc.", + "software_name": "miniooni", + "software_version": "3.25.0-alpha", + "test_keys": { + "queries": { + "answers": [ + { + "answer_type": "SVCB", + "ttl": null, + "svcb": { + "priority": 2, + "target_name": "dns.quad9.net.", + "params": { + "alpn": "h2", + "dohpath": "/dns-query{?dns}", + "ipv4hint": "9.9.9.9,149.112.112.112", + "ipv6hint": "2620:fe::fe", + "port": "443" + } + } + }, + { + "answer_type": "SVCB", + "ttl": null, + "svcb": { + "priority": 2, + "target_name": "dns.quad9.net.", + "params": { + "alpn": "h2", + "dohpath": "/dns-query{?dns}", + "ipv4hint": "9.9.9.9,149.112.112.112", + "ipv6hint": "2620:fe::fe", + "port": "443" + } + } + } + ], + "engine": "udp", + "failure": null, + "hostname": "_dns.resolver.arpa.", + "query_type": "SVCB", + "raw_response": "xnuBAAABAAIAAAAEBF9kbnMIcmVzb2x2ZXIEYXJwYQAAQAABwAwAQAABAAAAPAA/AAEDZG5zBXF1YWQ5A25ldAAAAQAEA2RvdAADAAIDVQAEAAgJCQkJlXBwcAAGABAmIAD+AAAAAAAAAAAAAAD+wAwAQAABAAAAPABSAAIDZG5zBXF1YWQ5A25ldAAAAQADAmgyAAMAAgG7AAQACAkJCQmVcHBwAAYAECYgAP4AAAAAAAAAAAAAAP4ABwAQL2Rucy1xdWVyeXs/ZG5zfQNkbnMFcXVhZDkDbmV0AAABAAEAAAA8AAQJCQkJwM0AAQABAAAAPAAElXBwcMDNABwAAQAAADwAECYgAP4AAAAAAAAAAAAAAP4AACkE0AAAgAAAAA==", + "resolver_hostname": null, + "resolver_port": null, + "resolver_address": "192.168.10.1:53", + "t0": 0.000070584, + "t": 0.013585498, + "tags": null + }, + "supports_ddr": true, + "failure": null + }, + "test_name": "ddr", + "test_runtime": 0.013683332, + "test_start_time": "2025-01-31 09:58:28", + "test_version": "0.1.0" +} + +``` \ No newline at end of file