From 9ca9b9e291656d550c37d632ded2695194959b85 Mon Sep 17 00:00:00 2001
From: =?utf8?q?David=20H=C3=A4rdeman?= <david@hardeman.nu>
Date: Wed, 10 Sep 2025 23:41:30 +0200
Subject: [PATCH] luci-mod-network: add DNR (RFC9463) support
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

odhcpd has had support for Discovery of Network-designated Resolvers
(DNR, RFC9463), which allows allows devices on the network to discover
encrypted DNS resolvers, since December 2024 [1].

This patch adds a basic luci interface to configure DNR records. odhcp
actually supports DNR records via DHCPv4, DHCPv6 and RA, but since it's
typically only used for the latter two, stashing the option next to IPv6
DNS server options seems reasonable.

Patch v2: long help string broken into multiple strings, "Format: ..."
changed to "Syntax: ...".

Patch v3: add a note on the _lifetime=<seconds> parameter, add a RA
<abbr> stanza.

Patch v4: change title to "Announce encrypted DNS servers", change IPv6
example address to the IANA documentation address space, add a blurb
about IPv4 address support (only when odhcpd is used for DHCPv4).

[1] https://github.com/openwrt/odhcpd/commit/6d342cc03bf72f27d0838942d009bf1c5df4f954

Signed-off-by: David Härdeman <david@hardeman.nu>
(cherry picked from commit b4965119bc213b756af442a395514afce5a8bdeb)
---
 .../resources/view/network/interfaces.js           | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/modules/luci-mod-network/htdocs/luci-static/resources/view/network/interfaces.js b/modules/luci-mod-network/htdocs/luci-static/resources/view/network/interfaces.js
index 7ba803463c..db0a28a403 100644
--- a/modules/luci-mod-network/htdocs/luci-static/resources/view/network/interfaces.js
+++ b/modules/luci-mod-network/htdocs/luci-static/resources/view/network/interfaces.js
@@ -957,6 +957,20 @@ return view.extend({
 					so.depends('dhcpv6', 'server');
 					so.depends({ dhcpv6: 'hybrid', master: '0' });
 
+					so = ss.taboption('ipv6', form.DynamicList, 'dnr', _('Announce encrypted DNS servers'),
+						_('Specifies a fixed list of encrypted DNS server addresses to announce via DHCPv6/<abbr title="Router Advertisement">RA</abbr> (see %s).')
+						 .format('<a href="%s" target="_blank">RFC9463</a>').format('https://www.rfc-editor.org/rfc/rfc9463') + '<br/>' +
+						_('IPv4 addresses are only supported if <code>odhcpd</code> also handles DHCPv4.') + '<br/>' +
+						_('Syntax: <code>&lt;numeric priority&gt; &lt;domain-name&gt; [IP,...] [SVC parameter ...]</code>') + '<br/>' +
+						_('Example: <code>100 dns.example.com 2001:db8::53,192.168.1.53 alpn=doq port=853</code>') + '<br/>' +
+						_('Note: the <code>_lifetime=&lt;seconds&gt;</code> SVC parameter sets the lifetime of the announced server (use <code>0</code> to indicate a server which should no longer be used).')
+					);
+					so.datatype = 'string';
+					so.depends('ra', 'server');
+					so.depends({ ra: 'hybrid', master: '0' });
+					so.depends('dhcpv6', 'server');
+					so.depends({ dhcpv6: 'hybrid', master: '0' });
+
 					so = ss.taboption('ipv6', form.Flag, 'dns_service', _('Local IPv6 DNS server'),
 						_('Announce this device as IPv6 DNS server.'));
 					so.default = so.enabled;
-- 
2.30.2