BeryJu/gravity

Support HTTPS DNS records


Cloudflare uses these new HTTPS records to speed up TLS, and at least Chrome-based browsers are starting to use them.

In my particular use case I override a specific subdomain for local-only use, local.mydomain.tld:
Overridden A and AAAA records point to a local IP on my network. This has been working fine for years.
Now the browser is asking for the HTTPS record instead, which gets forwarded to the Cloudflare DNS upstream and returns the public, external IP address, breaking local connections intermittently.

For anyone else in the same boat, hook workaround:

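```javascript
// Hook workaround: strip HTTPS records from the response before it is returned.
function onDNSRequestAfter(request, response) {
    for (let i = 0; i < response.Answer.length; i++) {
        const rr = response.Answer[i];
        const header = rr.Header();

        // RR type 65 is HTTPS: mark the record for removal.
        if (header && header.Rrtype === 65) {
            response.Answer[i] = null;
        }
    }

    // Drop the records marked above, keeping all other answers.
    response.Answer = response.Answer.filter(rr => rr !== null);
}
```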
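
Why an HTTPS answer can undo an A/AAAA override, as an added example that is not part of the original issue or of the Gravity project: RFC 9460 HTTPS RDATA may carry `ipv4hint`/`ipv6hint` parameters, and this parser extracts them and reports any that differ from the local addresses. The function names, the sample bytes and the local address are constructed for illustration.

```javascript
// Added example (not from the issue): decode HTTPS (type 65) RDATA per RFC 9460.
// SvcParamKeys 4 (ipv4hint) and 6 (ipv6hint) carry addresses a client may use.
const KEY_IPV4HINT = 4, KEY_IPV6HINT = 6;

function parseHttpsRdata(bytes) {
    const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
    const priority = view.getUint16(0); // SvcPriority, big-endian
    let off = 2;
    const labels = []; // TargetName: uncompressed length-prefixed labels, 0-terminated
    for (;;) {
        if (off >= bytes.length) throw new Error("truncated TargetName");
        const len = bytes[off++];
        if (len === 0) break;
        if (len > 63 || off + len > bytes.length) throw new Error("bad label");
        labels.push(String.fromCharCode(...bytes.subarray(off, off + len)));
        off += len;
    }
    const hints = [];
    while (off < bytes.length) { // SvcParams: 2-byte key, 2-byte length, value
        if (off + 4 > bytes.length) throw new Error("truncated SvcParam");
        const key = view.getUint16(off), len = view.getUint16(off + 2);
        off += 4;
        if (off + len > bytes.length) throw new Error("truncated SvcParam value");
        const val = bytes.subarray(off, off + len);
        off += len;
        if (key === KEY_IPV4HINT) {
            for (let i = 0; i + 4 <= len; i += 4) hints.push(val.subarray(i, i + 4).join("."));
        } else if (key === KEY_IPV6HINT) {
            for (let i = 0; i + 16 <= len; i += 16) {
                const groups = [];
                for (let j = i; j < i + 16; j += 2) groups.push(((val[j] << 8) | val[j + 1]).toString(16));
                hints.push(groups.join(":")); // uncompressed form, e.g. 2001:db8:0:0:0:0:0:1
            }
        }
    }
    return { priority, target: labels.join(".") || ".", hints };
}

// Address hints that disagree with the locally overridden addresses (assumed input list).
function conflictingHints(rdata, localAddrs) {
    return parseHttpsRdata(rdata).hints.filter(h => !localAddrs.includes(h));
}

// Constructed sample: priority 1, target ".", alpn=h2, ipv4hint=203.0.113.10
const SAMPLE = Uint8Array.from([0, 1, 0, 0, 1, 0, 3, 2, 0x68, 0x32, 0, 4, 0, 4, 203, 0, 113, 10]);
console.log(conflictingHints(SAMPLE, ["192.168.1.20"]));
```

IPv6 hints are returned as eight uncompressed hex groups, so local IPv6 addresses passed to `conflictingHints` need the same form.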