Mock DNS records for onion services

DNS records are increasingly used for functionality beyond IP addresses. Much of it is equally applicable to onion services: CAA records are a good example, as certificate authorities are now allowed to issue domain-validated certificates for onion addresses.

I feel this is a relatively easy feature to add, at least in a limited capacity: specify DNS records in the torrc file, and upload them with the other service descriptors. When resolving DNS queries through Tor, Tor could then fetch those records instead of going to the actual Domain Name System.

If necessary, DNSSEC is easy too: use the onion service’s ed25519 key to generate DNSKEY and RRSIG records. You can skip the chain of trust back to root, for obvious reasons.
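As an added example (not part of the original post, and not Tor code), the sketch below shows how the ed25519 key already encoded in a v3 onion address could be expressed as a DNSKEY record using DNSSEC algorithm 15 (Ed25519, RFC 8080). The function names, the flags value 257, and the constructed sample key are assumptions; RRSIG signing is not shown.

```python
import base64
import hashlib
import struct

ONION_VERSION = b"\x03"
DNSKEY_FLAGS = 257   # assumption: zone key + secure entry point
DNSKEY_PROTOCOL = 3  # fixed by RFC 4034
DNSKEY_ALG = 15      # Ed25519, RFC 8080

def _checksum(pubkey: bytes) -> bytes:
    # v3 onion checksum: first 2 bytes of SHA3-256(".onion checksum" | key | version)
    return hashlib.sha3_256(b".onion checksum" + pubkey + ONION_VERSION).digest()[:2]

def onion_from_pubkey(pubkey: bytes) -> str:
    raw = pubkey + _checksum(pubkey) + ONION_VERSION
    return base64.b32encode(raw).decode().lower() + ".onion"

def pubkey_from_onion(address: str) -> bytes:
    # Accept optional subdomains and a trailing dot; the key is the label before "onion".
    labels = address.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1] != "onion" or len(labels[-2]) != 56:
        raise ValueError("not a v3 onion address")
    raw = base64.b32decode(labels[-2].upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_VERSION or checksum != _checksum(pubkey):
        raise ValueError("bad version or checksum")
    return pubkey

def dnskey_rdata(pubkey: bytes) -> bytes:
    # DNSKEY RDATA: flags (2 bytes), protocol (1), algorithm (1), public key
    return struct.pack("!HBB", DNSKEY_FLAGS, DNSKEY_PROTOCOL, DNSKEY_ALG) + pubkey

def key_tag(rdata: bytes) -> int:
    # Key tag algorithm from RFC 4034 Appendix B
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def dnskey_record(address: str) -> str:
    pubkey = pubkey_from_onion(address)
    b64 = base64.b64encode(pubkey).decode()
    owner = address.rstrip(".") + "."
    return f"{owner} IN DNSKEY {DNSKEY_FLAGS} {DNSKEY_PROTOCOL} {DNSKEY_ALG} {b64}"

SAMPLE_KEY = bytes(range(32))  # constructed sample key, not a real service

if __name__ == "__main__":
    addr = onion_from_pubkey(SAMPLE_KEY)
    print(dnskey_record(addr), "; key tag", key_tag(dnskey_rdata(SAMPLE_KEY)))
```

Because the address checksum is verified before the key is used, a mistyped onion address is rejected rather than yielding a DNSKEY for a different key.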

That seems cool, but I don’t really see a use case for this besides certs? But they don’t have any benefits for Tor.

TXT records are critical for DMARC, DKIM, and SPF, which are in turn extremely important for using email.

SRV, SVCB, and HTTPS records are required, recommended, or at least helpful for numerous protocols and applications. Or will be, in the case of the latter two.

I can provide more use cases if you want.