
My website is now sporting a shiny new HTTPS DNS record!

February 14, 2025 — Nico Cartron

As I explained in a previous article, I (finally) enabled HTTP/2 on my Apache web server.

The initial goal was to support the (not so) new HTTPS record, which makes it faster to connect to the destination.

Once Encrypted Client Hello is more widely deployed, I may even add it to my HTTPS RR!

Anyway, I digress - here's how I set it up in my PowerDNS Authoritative server:

www.ncartron.org        3600    IN      HTTPS   1 . alpn=h2,http/1.1 ipv4hint=auto ipv6hint=auto

When you query for this record, you get:

$ dig https www.ncartron.org @ns3.ncartron.org
; <<>> DiG 9.20.5 <<>> https www.ncartron.org @ns3.ncartron.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37652
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;www.ncartron.org.      IN  HTTPS

;; ANSWER SECTION:
www.ncartron.org.   3600    IN  HTTPS   1 . alpn="h2,http/1.1" ipv4hint=193.200.42.230 ipv6hint=2001:67c:1740:9032::230

Note that the ipv4hint and ipv6hint IP addresses have been automatically generated by PowerDNS, as I added svc-autohints=yes to my pdns.conf.
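To check a published HTTPS record against the name's address records, here is an added Python example (not code from the original post): it parses both the zone-file form and the dig answer shown above and reports hints that were never expanded or that match no A/AAAA address. The ADDRS list is an assumption, since the post does not show the A/AAAA records.

```python
import ipaddress
import shlex

# Both record lines are taken from the post (spacing collapsed); ADDRS is an
# assumption: the page does not show the A/AAAA records, so the hint values stand in.
ZONE = "www.ncartron.org 3600 IN HTTPS 1 . alpn=h2,http/1.1 ipv4hint=auto ipv6hint=auto"
ANSWER = ('www.ncartron.org. 3600 IN HTTPS 1 . alpn="h2,http/1.1" '
          "ipv4hint=193.200.42.230 ipv6hint=2001:67c:1740:9032::230")
ADDRS = ["193.200.42.230", "2001:67c:1740:9032::230"]

def parse_https_rr(line):
    """Parse one presentation-format HTTPS RR (zone-file line or dig answer)."""
    fields = shlex.split(line)  # also strips the quotes dig prints around alpn
    idx = fields.index("HTTPS")
    owner = fields[0].rstrip(".")
    priority, target = int(fields[idx + 1]), fields[idx + 2]
    params = {}
    for item in fields[idx + 3:]:
        key, _, value = item.partition("=")
        params[key] = value.split(",") if value else []
    # RFC 9460: in ServiceMode (priority > 0) a target of "." is the owner name
    if target == "." and priority > 0:
        target = owner
    return {"owner": owner, "priority": priority,
            "target": target.rstrip(".") or ".", "params": params}

def check_hints(rr, addresses):
    """List problems with ipv4hint/ipv6hint, given the name's A/AAAA addresses."""
    known = {ipaddress.ip_address(a) for a in addresses}
    problems = []
    for key, version in (("ipv4hint", 4), ("ipv6hint", 6)):
        for hint in rr["params"].get(key, []):
            try:
                ip = ipaddress.ip_address(hint)
            except ValueError:  # includes a literal "auto" that was never expanded
                problems.append(f"{key}: {hint!r} is not an IP address")
                continue
            if ip.version != version:
                problems.append(f"{key}: {hint} is not an IPv{version} address")
            elif ip not in known:
                problems.append(f"{key}: {hint} matches no A/AAAA record")
    return problems

if __name__ == "__main__":
    for name, line in (("zone file", ZONE), ("dig answer", ANSWER)):
        print(name, check_hints(parse_https_rr(line), ADDRS) or "hints OK")
```

Stale hints are worth catching after an address change, because a client may use them before it has the A/AAAA answers.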


Tags: DNS

