1. DNS/1/資源レコード/HTTPS

Use of HTTPS Resource Records November 13th, 2023 https://www.netmeister.org/blog/https-rrs.html

https://eng-blog.iij.ad.jp/archives/12882

https://www.sobyte.net/post/2022-01/dns-svcb-https/

https://datatracker.ietf.org/doc/rfc9460/

RFC 9460 DNS/RFC/9460

HTTPS RRは、HTTP（RFC 9110、"HTTP Semantics"を参照）で使用するためのSVCBのバリエーションです。 これらのレコードは、クライアントが接続の確立を試みる前により多くの情報を提供することにより、 パフォーマンスとプライバシーの両方に潜在的な利点をもたらします。(Bard translation)

The HTTPS record passes a key milestone

By Ben Schwartz on 10 Aug 2022 https://blog.apnic.net/2022/08/10/the-https-record-passes-a-key-milestone/

/SVCB /output /用途 /IIJ /guide

https://datatracker.ietf.org/doc/draft-ietf-dnsop-svcb-https/

https://www.janog.gr.jp/meeting/janog48/wp-content/uploads/2021/07/janog48-lt5-yamaguchi.pdf

https://simpledns.plus/help/https-records

Speeding up HTTPS and HTTP/3 negotiation with... DNS

2020/09/30

https://blog.cloudflare.com/speeding-up-https-and-http-3-negotiation-with-dns/

1.1. example

$ dig https cloudflare.com @1.1.1.1

; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> https cloudflare.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47150
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; NSID: 32 32 6d 33 30 31 ("22m301")
;; QUESTION SECTION:
;cloudflare.com.                        IN      HTTPS

;; ANSWER SECTION:
cloudflare.com.         300     IN      HTTPS   1 . alpn="h3,h2" ipv4hint=104.16.132.229,104.16.133.229 ipv6hint=2606:4700::6810:84e5,2606:4700::6810:85e5

;; Query time: 12 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Mon Aug 14 08:01:07 JST 2023
;; MSG SIZE  rcvd: 126

$ dnsq 65 bracket.co.jp kanye.ns.cloudflare.com
65 bracket.co.jp:
110 bytes, 1+1+0+0 records, response, authoritative, noerror
query: 65 bracket.co.jp
answer: bracket.co.jp 300 65 \000\001\000\000\001\000\014\002h3\005h3-29\002h2\000\004\000\010h\025R\240\254C\237Y\000\006\000\040&\006G\00003\000\000\000\000\000\000h\025R\240&\006G\00007\000\000\000\000\000\000\254C\237Y

$ dig -t https bracket.co.jp @kanye.ns.cloudflare.com

; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> -t https bracket.co.jp @kanye.ns.cloudflare.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23288
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;bracket.co.jp.                 IN      HTTPS

;; ANSWER SECTION:
bracket.co.jp.          300     IN      HTTPS   1 . alpn="h3,h3-29,h2" ipv4hint=104.21.82.160,172.67.159.89 ipv6hint=2606:4700:3033::6815:52a0,2606:4700:3037::ac43:9f59

;; Query time: 3 msec
;; SERVER: 173.245.59.189#53(kanye.ns.cloudflare.com) (UDP)
;; WHEN: Tue Oct 25 07:48:34 JST 2022
;; MSG SIZE  rcvd: 121