gofix/portal-tunnel-rs
1
0
Fork 0
Code Issues Pull requests Projects Releases 11 Packages 1 Wiki Activity Actions

fix: sync ECH DNS records #65

Merged
gofix merged 1 commit from fix/ech-dns-records into master 2026-05-09 03:53:49 +00:00
Conversation 0 Commits 1 Files changed 4 +731 -68
gofix commented 2026-05-08 18:11:04 +00:00
Owner
Copy link

Summary

  • Mirror upstream v2.2.0 ECH DNS behavior in the Rust relay: create/update A and HTTPS records with ech=... for ECH-backed public hostnames.
  • Wire ECH DNS sync/delete into direct register, unregister, hop route register/delete, rollback, and expired-record cleanup.
  • Keep the advertised release as v2.2.0+rs.1 and fix Cloudflare DELETE response handling so DNS cleanup does not warn on successful deletes.

Verification

  • cargo test -p portal-relay -> 114 passed, 3 ignored.
  • Built and pushed code.rly.best/gofix/portal-tunnel-rs:v2.2.0-rs.1 with digest sha256:bb75dc2c22a9869bc54656ca0c3068f9b52d4edc506461f6d83cc7f76ab9af00.
  • Deployed to rly.best with ACME_DNS_PROVIDER=cloudflare; /sdk/domain returns v2.2.0+rs.1.
  • Live ECH smoke: official upstream v2.2.0 CLI exposed echrs030859.rly.best; DNS returned an HTTPS RR containing ech=...; Go 1.26 TLS client completed the request with ECHAccepted=true, HTTP/1.0 200 OK, body portal-rs-ech-live-ok.
  • Confirmed the live test HTTPS record was removed after cleanup and no Cloudflare delete decode warning appeared after the DELETE response fix.
## Summary - Mirror upstream v2.2.0 ECH DNS behavior in the Rust relay: create/update `A` and `HTTPS` records with `ech=...` for ECH-backed public hostnames. - Wire ECH DNS sync/delete into direct register, unregister, hop route register/delete, rollback, and expired-record cleanup. - Keep the advertised release as `v2.2.0+rs.1` and fix Cloudflare DELETE response handling so DNS cleanup does not warn on successful deletes. ## Verification - `cargo test -p portal-relay` -> 114 passed, 3 ignored. - Built and pushed `code.rly.best/gofix/portal-tunnel-rs:v2.2.0-rs.1` with digest `sha256:bb75dc2c22a9869bc54656ca0c3068f9b52d4edc506461f6d83cc7f76ab9af00`. - Deployed to `rly.best` with `ACME_DNS_PROVIDER=cloudflare`; `/sdk/domain` returns `v2.2.0+rs.1`. - Live ECH smoke: official upstream `v2.2.0` CLI exposed `echrs030859.rly.best`; DNS returned an HTTPS RR containing `ech=...`; Go 1.26 TLS client completed the request with `ECHAccepted=true`, `HTTP/1.0 200 OK`, body `portal-rs-ech-live-ok`. - Confirmed the live test HTTPS record was removed after cleanup and no Cloudflare delete decode warning appeared after the DELETE response fix.
fix: sync ech dns records
Some checks failed
Rust CI / Format, lint, and test (pull_request) Failing after 1m14s
Details
8a43fb1577
gofix merged commit 00a8d2a27c into master 2026-05-09 03:53:49 +00:00
gofix referenced this pull request from a commit 2026-05-09 03:53:50 +00:00
fix: sync ECH DNS records (#65)
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
gofix/portal-tunnel-rs!65
No description provided.