HTTPS-RR not using custom port in query #19301

@Gunni

I did this

When connecting to https://example.com:4444 and using HTTPS-RR, the client should request the HTTPS type DNS record at _4444._https.example.com, not example.com.

https://datatracker.ietf.org/doc/html/rfc9460#appendix-B

Using resolvectl monitor I see the query:

← A: example.com IN HTTPS 1 . alpn="h3,h2" no-default-alpn ipv4hint=<redacted> ech="<redacted>" ipv6hint=<redacted>

for curl https://example.com:4444 with httpsrr amongst others (see below) compiled in:

Build scripts for my curl:

Note, relevant environment variables:

| key | value |
| --- | --- |
| CFLAGS | `'-O3 -march=native -flto'` |
| PKG_CONFIG_PATH | `~/.local/share/nghttp3/lib/pkgconfig:~/.local/share/openssl/lib64/pkgconfig:$PKG_CONFIG_PATH` |
| LD_LIBRARY_PATH | `~/.local/share/nghttp3/lib:~/.local/share/openssl/lib64:$LD_LIBRARY_PATH` |
| NGHTTP3_LIBS | `"-L/home/<redacted>/.local/share/nghttp3"` |
| OPENSSL_LIBS | `"-L/home/<redacted>/.local/share/openssl"` |
| PATH | `~/.local/share/openssl/bin:~/.local/share/curl/bin:$PATH` |
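`curl`

```bash
#!/bin/bash

IFS=$'\n\t'
set -euo pipefail

# Preload libeatmydata to speed up the build; export it so that child
# processes (configure, make) actually inherit it.
unset -v LD_PRELOAD
export LD_PRELOAD=/usr/lib64/libeatmydata.so

set -x

# Remove the previous build, reconfigure, pause to review the configure
# summary (read), then build and install into the private prefix.
make uninstall && \
make clean && \
LDFLAGS="-Wl,-rpath,$HOME/.local/share/curl/lib" \
./configure \
        --prefix=$HOME/.local/share/curl \
        --with-openssl \
        --with-openssl-quic \
        --disable-docs \
        --enable-httpsrr \
        --enable-ares \
        --enable-threaded-resolver \
        --with-zlib \
        --with-zstd \
        --with-libidn2 \
        --enable-ech \
        --enable-debug \
        && \
read && \
make -j $(nproc) && \
rm -rf $HOME/.local/share/curl && \
make install
```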
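
`nghttp3`

```bash
#!/bin/bash

IFS=$'\n\t'
set -euo pipefail

# Export so that configure and make inherit the preload.
export LD_PRELOAD=/usr/lib64/libeatmydata.so

set -x

# Library-only build installed into a private prefix.
make uninstall && \
make clean && \
./configure --prefix=$HOME/.local/share/nghttp3 --enable-lib-only && \
read && \
make && \
make install
```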
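
`openssl` (branch feature/ech)

```bash
#!/bin/bash

IFS=$'\n\t'
set -euo pipefail

# Export so that config and make inherit the preload.
export LD_PRELOAD=/usr/lib64/libeatmydata.so

set -x

# Build with QUIC and ECH enabled; dump the resulting configuration and
# pause (read) before compiling.
make uninstall && \
make clean && \
./config \
        --prefix=$HOME/.local/share/openssl \
        enable-quic \
        enable-ech \
        no-docs \
        no-tests \
        && \
perl configdata.pm --dump && \
read && \
make -j $(nproc) && \
make install
```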

`other`

Other libraries are installed via dnf on my Fedora 43 system.

I expected the following

A DNS query for _4444._https.example.com

← A: _4444._https.example.com IN HTTPS 1 . alpn="h3" no-default-alpn ipv4hint=<redacted> ech="<redacted>" ipv6hint=<redacted>

curl/libcurl version

WARNING: this libcurl is Debug-enabled, do not use in production

curl 8.17.0-DEV (x86_64-pc-linux-gnu) libcurl/8.17.0-DEV OpenSSL/3.6.0 zlib/1.3.1.zlib-ng zstd/1.5.7 c-ares/1.34.5 libidn2/2.3.8 libpsl/0.21.5 nghttp2/1.66.0 nghttp3/1.13.0-DEV OpenLDAP/2.6.10
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc asyn-rr AsynchDNS Debug ECH HSTS HTTP2 HTTP3 HTTPS-proxy HTTPSRR IDN IPv6 Largefile libz NTLM PSL SSL threadsafe TLS-SRP TrackMemory UnixSockets zstd

operating system

Linux 6.6.87.2-microsoft-standard-WSL2 #1 SMP PREEMPT_DYNAMIC Thu Jun 5 18:30:46 UTC 2025 x86_64 GNU/Linux

  • Fedora Linux 43 (Container Image)
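
The query-name rule this report cites from RFC 9460 (section 9.1 and Appendix B: no prefix for port 443, otherwise `_$PORT._https`), as an added example that is not part of the original issue and is not curl's code. The helper name `httpsrr_qname` is hypothetical, and it assumes an `https://` URL whose host is a DNS name (IPv6 literals and userinfo are rejected, IPv4 literals are not detected).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define QNAME_MAX 254 /* 253 characters of presentation-format name + NUL */

/* Hypothetical helper (not curl's API): derive the HTTPS RR query name for
 * an https:// URL. Returns 0 on success, -1 if the URL has no usable DNS
 * name or port, or if the result does not fit. */
int httpsrr_qname(const char *url, char *out, size_t outlen)
{
  static const char scheme[] = "https://";
  const char *host, *end, *colon;
  long port = 443; /* default port for the https scheme */
  int n;

  if(strncmp(url, scheme, sizeof(scheme) - 1))
    return -1; /* only the https scheme is handled here */
  host = url + sizeof(scheme) - 1;
  end = host + strcspn(host, "/?#"); /* end of the authority component */
  if(*host == '[' || memchr(host, '@', (size_t)(end - host)))
    return -1; /* IPv6 literal or userinfo: outside this example's scope */
  colon = memchr(host, ':', (size_t)(end - host));
  if(colon) {
    char *stop;
    if(colon[1] < '0' || colon[1] > '9')
      return -1; /* empty or signed port */
    port = strtol(colon + 1, &stop, 10);
    if(stop != end || port < 1 || port > 65535)
      return -1;
    end = colon;
  }
  if(end == host)
    return -1; /* empty host */
  if(port == 443) /* default port: query the origin hostname itself */
    n = snprintf(out, outlen, "%.*s", (int)(end - host), host);
  else            /* any other port: Port Prefix Naming */
    n = snprintf(out, outlen, "_%ld._https.%.*s", port,
                 (int)(end - host), host);
  return (n < 0 || (size_t)n >= outlen || n >= QNAME_MAX) ? -1 : 0;
}

int main(void)
{
  char q[QNAME_MAX];
  if(!httpsrr_qname("https://example.com:4444", q, sizeof(q)))
    printf("%s\n", q);
  return 0;
}
```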
