In this kind of application I'd make the DNS calls back to wherever I got the page with the Javascript, which has a very straightforward security model. (If it lies about the DNS responses, it can equally well send out Javascript that lies in the pages it constructs.)
Can not whoever develops Javascript develop some correct libraries for usage of domain names?
Of course, but you could say that about anything we standardize. If
there's a standard way to do it, we can share and reuse code across
applications.
Keep in mind that the current draft is really simple. The client sends
the server the same bits that would go in a normal DNS query, and the
server sends back the same bits that would come in a normal reply, each
wrapped in a suitable MIME type. There'll be libraries anyway to create
and parse the DNS packets. It specifically does *not* try to send parsed
results since that would need endless updates every time there was a new
rrtype.
Regards,
John Levine, johnl@xxxxxxxxx, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly