[dns-operations] Testing of SVCB/HTTPS records
Jan Schaumann
jschauma at netmeister.org
Fri Apr 12 17:55:35 UTC 2024
Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> Does anyone know a tool (online or local) to test that published
> SVCB/HTTPS records are correct? At least checking requirments like all
> parameter keys in order, and ideally try to connect to check the
> parameters.
I'm not aware of such a tool, but I've done some
digging into in how far popular browsers currently
support or implement HTTPS records. That support is
still lacking in many parts, with only certain
parameters being supported and inconsistent
follow-through on e.g., alias-mode etc.
(I've been meaning to summarize my results in blog
form, but haven't gotten around to it.)
I've opened some tickets with Chrome, Safari, and
Mozilla (e.g.,
https://bugzilla.mozilla.org/show_bug.cgi?id=1869075);
I believe Chrome is currently focused on use of
HTTPS records for ECH; Safari looks to me to have the
best support (but is still lacking in some parts).
On the server side, I did an analysis of use of HTTPS
records by domain last year that, if a tangent, may be
of interest here, too:
https://www.netmeister.org/blog/https-rrs.html
-Jan
More information about the dns-operations
mailing list