From e4d9fffe065460d2f7cb31c62ef5865fe2ac3322 Mon Sep 17 00:00:00 2001 From: William Kray Date: Tue, 31 Jan 2023 11:19:40 -0800 Subject: [PATCH 1/5] clarify the implications of using SRV DNS delegation and what it does NOT help users avoid --- docs/delegate.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docs/delegate.md b/docs/delegate.md index ee9cbb3b1cfc..aee82fcb9ab3 100644 --- a/docs/delegate.md +++ b/docs/delegate.md @@ -73,6 +73,15 @@ It is also possible to do delegation using a SRV DNS record. However, that is ge not recommended, as it can be difficult to configure the TLS certificates correctly in this case, and it offers little advantage over `.well-known` delegation. +Please keep in mind that server delegation is a function of server-server communication, +and as such using SRV DNS records will not cover use cases involving client-server comms. +This means setting global client settings (such as a Jitsi endpoint, or disabling +creating new rooms as encrypted by default, etc) will still require that you serve a file +from the `https:///.well-known/` endpoints defined in the spec! If you are +considering using SRV DNS delegation to avoid serving files from this endpoint, consider +the impact that you will not be able to change those client-based default values globally, +and will be relegated to the featureset of the configuration of each individual client. + However, if you really need it, you can find some documentation on what such a record should look like and how Synapse will use it in [the Matrix specification](https://matrix.org/docs/spec/server_server/latest#resolving-server-names). From e7cf3195e477193d47593e4f6b1647383b4a4ac9 Mon Sep 17 00:00:00 2001 From: William Kray Date: Tue, 31 Jan 2023 11:27:52 -0800 Subject: [PATCH 2/5] include changelog file --- changelog.d/14959.doc | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 changelog.d/14959.doc 
diff --git a/changelog.d/14959.doc b/changelog.d/14959.doc new file mode 100644 index 000000000000..c5407ef02093 --- /dev/null +++ b/changelog.d/14959.doc @@ -0,0 +1,2 @@ +Update delegation documentation to clarify that SRV DNS delegation does not eliminate all needs to serve files from +.well-known locations. From 73714e575c9c63a9e6436a7d3d8628c2f4b19518 Mon Sep 17 00:00:00 2001 From: William Kray Date: Tue, 31 Jan 2023 11:30:34 -0800 Subject: [PATCH 3/5] include credit in changelog --- changelog.d/14959.doc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog.d/14959.doc b/changelog.d/14959.doc index c5407ef02093..a5d106708ad4 100644 --- a/changelog.d/14959.doc +++ b/changelog.d/14959.doc @@ -1,2 +1,2 @@ Update delegation documentation to clarify that SRV DNS delegation does not eliminate all needs to serve files from -.well-known locations. +.well-known locations. @williamkray From 70ea387d62f0402d8f2db700fa877d7736946d42 Mon Sep 17 00:00:00 2001 From: William Kray Date: Tue, 7 Feb 2023 12:45:34 -0800 Subject: [PATCH 4/5] fix contrib attribution formatting to make CI happy --- changelog.d/14959.doc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog.d/14959.doc b/changelog.d/14959.doc index a5d106708ad4..3fe99f259e81 100644 --- a/changelog.d/14959.doc +++ b/changelog.d/14959.doc @@ -1,2 +1,2 @@ Update delegation documentation to clarify that SRV DNS delegation does not eliminate all needs to serve files from -.well-known locations. @williamkray +.well-known locations. Contributed by @williamkray. From 2742972d48de373ecd9e3bcb1089d029fca0ce28 Mon Sep 17 00:00:00 2001 From: William Kray Date: Tue, 7 Feb 2023 12:47:35 -0800 Subject: [PATCH 5/5] fix contrib attribution formatting to make CI happy... again --- changelog.d/14959.doc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/changelog.d/14959.doc b/changelog.d/14959.doc index 3fe99f259e81..45edf1a76520 100644 --- a/changelog.d/14959.doc 
+++ b/changelog.d/14959.doc @@ -1,2 +1 @@ -Update delegation documentation to clarify that SRV DNS delegation does not eliminate all needs to serve files from -.well-known locations. Contributed by @williamkray. +Update delegation documentation to clarify that SRV DNS delegation does not eliminate all needs to serve files from .well-known locations. Contributed by @williamkray.
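Review bot: In the docs/delegate.md hunk (patch 1/5), the added URL reads `https:///.well-known/` with nothing between the slashes, so the reader cannot tell which host has to serve the file; put a placeholder for the server name there. The new paragraph is also inserted between the "not recommended" sentence and "However, if you really need it", so the "it" in that sentence no longer sits next to the SRV record it refers to. Either move the new paragraph below the "However" sentence or reword that sentence to name SRV delegation explicitly. Minor wording in the added lines: "comms", "etc)" and "featureset" would read better as "communication", "etc.)" and "feature set", and the exclamation mark can be a full stop.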
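Review bot: In the changelog.d/14959.doc hunks (patches 2/5 through 5/5), the entry wording "does not eliminate all needs to serve files from .well-known locations" is awkward; "does not eliminate the need to serve files from `.well-known` locations" says the same thing more plainly, and backticks around `.well-known` would match how docs/delegate.md writes it. Patches 3/5, 4/5 and 5/5 only change the attribution suffix and the line wrapping of this one entry, so they can be squashed into 2/5 to leave a single commit that creates the file in its final one-line form.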