The HTTPS record is supported by EVERY DNS server on the planet to various
degrees. DNS was designed to allow new records types to be served without
having to upgrade the world. Originally you needed to upgrade the servers that
served the zone with the new type as the zone content needed to be written out
to disk but recursive servers could still query for them and return them. This
was fixed in 2003 with RFC 3597 which provided a generic way to enter and write
out unknown records types. If your DNS provider doesn’t support entering HTTPS
or the unknown record type find one which is not 20 years behind the times.
Resolver code in OS’s was required to support unknown record types. I could
take a BSD 4.2 server from last century and query for HTTP using the resolver
library and it would work. I would have to use 65 rather than the nemonic
HTTPS when performing the lookup but it would work.
These are the same record in different formats. Any DNS server shipped in the
last 20 years should support the later format.
www.sample-test.com. 1800 IN HTTPS ( 1 . alpn=h3,h3-29,h2
ipv4hint=1.2.3.4,9.8.7.6
ipv6hint=2001:db8:3333:4444:5555:6666:7777:8888,2001:db8:3333:4444:CCCC:DDDD:EEEE:FFFF
)
www.sample-test.com. 1800 IN TYPE65 \# 67 (
0001000001000C0268330568332D323902683200040008
01020304090807060006002020010DB833334444555566
667777888820010DB833334444CCCCDDDDEEEEFFFF )
Named added support for HTTPS and SVCB in 2021 in the 9.11, 9.16, and 9.17
branches but you can use TYPE65 in older releases.
As for browser support Safari added HTTPS record support years ago (~2020).
Mozilla finally removed the restriction of only looking up HTTPS records via
DoH in release 129.0.
Chrome added support in 2021.
Searching for information about which browsers support it is problematic
because DNS and HTTPS are used together for different things.
Mark
> On 25 Dec 2024, at 06:53, Cuttler, Brian R (HEALTH) via bind-users
> <bind-users@lists.isc.org> wrote:
>
> Thanks Jan,
>
> Per discussion not supported by all dns servers nor clients.
> Ultimate solution is a non-DNS based fix to the websites anchors or a url
> wr-write function to correct for the missing www. Prefix.
>
> Thanks,
> Brian
>
>
> -----Original Message-----
> From: bind-users <bind-users-boun...@lists.isc.org> On Behalf Of Jan
> Schaumann via bind-users
> Sent: Tuesday, December 24, 2024 2:25 PM
> To: bind-users@lists.isc.org
> Subject: Re: cname for apex record
>
> ATTENTION: This email came from an external source. Do not open attachments
> or click on links from unknown senders or unexpected emails.
>
>
> "Cuttler, Brian R (HEALTH) via bind-users" <bind-users@lists.isc.org> wrote:
>
>> However, I've been asked if we can point the apex record at the external
>> webserver.
>
> I'm not quite sure if this covers what you're trying
> to accomplish, but if you're talking about an HTTP /
> browser context, you can take a look at setting an
> RFC9460 HTTPS Alias record.
>
> Support for this in browsers is still kinda iffy,
> though, so perhaps more of a "down the line" kind of
> solution.
>
> -Jan
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
