Add DNS-over-HTTPS resolution library (-sDOH_DNS)#2

Closed
maceip wants to merge 1 commit into main from claude/doh-dns-resolution-13le6

maceip (Owner) commented Mar 5, 2026

Summary

Standalone DNS-over-HTTPS library that replaces Emscripten's static 172.29.x.x DNS with lookups via fetch() to dns.google's JSON API. Split out from the Direct Sockets PR (emscripten-core#26374 on emscripten-core) per @sbc100's review feedback.

  • Real DNS resolution: A and AAAA records via DoH, with TTL-based caching
  • HTTPS/SVCB records (RFC 9460, type 65): queries for ALPN protocol hints (h2/h3), IP address hints (pre-seeds A/AAAA cache to avoid extra lookups), port overrides — the new DNS record type that browsers use internally for HTTP/3 discovery and Encrypted Client Hello
  • Full code path coverage: overrides both _emscripten_lookup_name (used by gethostbyname) and getaddrinfo (which calls DNS.lookup_name directly, not _emscripten_lookup_name)
  • IPv6 support: proper AAAA queries in getaddrinfo instead of wrapping fake IPv4 as v4-mapped IPv6
  • Reverse DNS: cache integrates with DNS.address_map so getnameinfo/gethostbyaddr return real hostnames
  • Graceful fallback: if DoH fetch fails (no network, CORS, etc), falls back to Emscripten's existing fake DNS

Why this exists

Emscripten's default DNS assigns IPs in the 172.29.0.0/16 range and maintains a bidirectional map. This works for WebSocket-proxy networking where the proxy resolves DNS, but breaks for:

  1. Code that uses IPs — logging, IP-based ACLs, comparisons against known addresses all see 172.29.x.x instead of real IPs
  2. IPv6: _emscripten_lookup_name is IPv4-only; getaddrinfo with AF_INET6 returns a v4-mapped fake address
  3. HTTPS records — modern DNS advertises HTTP/3 support, alternative endpoints, and ECH keys via type 65 records; none of this is available with fake DNS
  4. Isolated Web Apps — IWAs using Direct Sockets can fetch() external HTTPS endpoints but have no traditional DNS API; DoH via fetch is the natural solution

Usage

emcc -sDOH_DNS -sASYNCIFY app.c
# or with JSPI
emcc -sDOH_DNS -sJSPI app.c

Works with any networking backend (Direct Sockets, WebSocket proxy, etc).

Files changed

| File | Change |
| --- | --- |
| src/lib/libdoh.js | New DoH library: $DOH_DNS module + _emscripten_lookup_name + getaddrinfo overrides |
| src/settings.js | Add DOH_DNS build setting |
| src/modules.mjs | Load libdoh.js when DOH_DNS enabled |
| test/test_other.py | Test that getaddrinfo works with -sDOH_DNS (validates fallback path) |

Test plan

  • test_getaddrinfo_doh passes (fallback to fake DNS when DoH unavailable)
  • Existing test_getaddrinfo still passes (no regression)
  • Manual test in browser/IWA context with real DNS resolution

https://claude.ai/code/session_013tMRcS8HLZpNDZ4vLoNp7C
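
The description above caches addresses taken from dns.google JSON replies and falls back to the fake DNS on failure. The following is an added example, not code from this PR or from libdoh.js, of validating such a reply before it reaches a TTL cache; the function names, the clamp bounds and the sample reply are assumptions made for illustration.

```javascript
// Added example (not the PR's libdoh.js). All names below are hypothetical.
const TYPE_A = 1, TYPE_AAAA = 28;      // DNS RR type numbers
const MIN_TTL = 5, MAX_TTL = 3600;     // assumed clamp bounds, in seconds

function isIPv4(s) {
  const p = s.split('.');
  return p.length === 4 && p.every(o => /^(0|[1-9]\d{0,2})$/.test(o) && Number(o) <= 255);
}

function isIPv6(s) {
  if (!/^[0-9a-fA-F:]{2,39}$/.test(s)) return false;
  const halves = s.split('::');
  if (halves.length > 2) return false;               // at most one "::"
  const groups = halves.flatMap(h => (h === '' ? [] : h.split(':')));
  if (!groups.every(g => /^[0-9a-fA-F]{1,4}$/.test(g))) return false;
  return halves.length === 2 ? groups.length <= 7 : groups.length === 8;
}

// Returns { addresses, expiresAt } or null; null means "use the fallback resolver".
function parseDohAnswer(json, qtype, nowMs) {
  if (!json || json.Status !== 0 || !Array.isArray(json.Answer)) return null;
  const valid = qtype === TYPE_A ? isIPv4 : isIPv6;
  const recs = json.Answer.filter(r =>
    r && r.type === qtype && typeof r.data === 'string' && valid(r.data));
  if (recs.length === 0) return null;                // only CNAMEs or malformed data
  const ttls = recs.map(r => (Number.isInteger(r.TTL) ? r.TTL : MIN_TTL));
  const ttl = Math.min(MAX_TTL, Math.max(MIN_TTL, Math.min(...ttls)));
  return { addresses: recs.map(r => r.data), expiresAt: nowMs + ttl * 1000 };
}

class DohCache {
  constructor() { this.map = new Map(); }
  key(name, qtype) { return name.toLowerCase().replace(/\.$/, '') + '|' + qtype; }
  put(name, qtype, entry) { this.map.set(this.key(name, qtype), entry); }
  get(name, qtype, nowMs) {
    const k = this.key(name, qtype), e = this.map.get(k);
    if (!e) return undefined;
    if (nowMs >= e.expiresAt) { this.map.delete(k); return undefined; }  // expired entry
    return e.addresses;
  }
}

// Constructed sample in the shape of a dns.google JSON reply (not captured traffic).
const SAMPLE = { Status: 0, Answer: [
  { name: 'www.example.test.', type: 5, TTL: 300, data: 'example.test.' },  // CNAME, skipped
  { name: 'example.test.', type: 1, TTL: 120, data: '192.0.2.10' },
  { name: 'example.test.', type: 1, TTL: 86400, data: '999.0.2.11' },       // malformed, dropped
]};
```

Clamping the TTL keeps a single reply from pinning an address in the cache indefinitely, and dropping malformed `data` values keeps them out of any reverse-lookup map built from the same cache.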

standalone DoH library that replaces emscripten's fake 172.29.x.x DNS
with real lookups via fetch() to dns.google JSON API.

features:
- A and AAAA record resolution with TTL-based caching
- HTTPS/SVCB record support (RFC 9460 type 65): ALPN hints (h2/h3),
  IP address hints (pre-seeds A/AAAA cache), port overrides
- reverse lookup cache integrates with getnameinfo/gethostbyaddr
- overrides both _emscripten_lookup_name and getaddrinfo for full
  coverage of all DNS code paths
- proper IPv6 in getaddrinfo (AAAA queries instead of v4-mapped fakes)
- graceful fallback to emscripten fake DNS if DoH fetch fails

works with any networking backend (direct sockets, websocket proxy, etc).
split out from direct sockets PR per sbc100 review feedback.

usage: emcc -sDOH_DNS -sASYNCIFY app.c

https://claude.ai/code/session_013tMRcS8HLZpNDZ4vLoNp7C
maceip closed this Mar 5, 2026
maceip deleted the claude/doh-dns-resolution-13le6 branch March 5, 2026 22:34

sbc100 commented Mar 6, 2026

Why close this?
