Automatic generation of HTTPS/SVCB (type 64/65) records #4878
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
Comments
PseudoResonance
added
the
kind/feature
|
This would be nice to have in AWS as well since they recently added support for SVCB/HTTPS records. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What would you like to be added:
Automatic generation of HTTPS/SVCB (type 64/65) DNS records based on service IPs.
Why is this needed:
Around August, Cloudflare began rolling out ECH support with HTTPS records, and Firefox has also forcefully enabled support. While support for connecting is still missing in Golang as of November, it would be good to begin supporting it, as it has the potential to improve security for users.
Additionally, I use ExternalDNS to override global DNS for internal lookups, however now that Cloudflare has rolled out HTTPS records and ECH, my sites will get the external IPs from Cloudflare's HTTPS, and the internal IPs from ExternalDNS' A/AAA records. Depending on the implementation, sites that can be found through HTTPS/SVCB may completely ignore corresponding A/AAAA records and use only the ipv4/ipv6 hints, or may take a very long time to load, and I had to manually override the HTTPS records to prevent interruption.
If ExternalDNS could automatically add these records as well, it would simplify the process.
The text was updated successfully, but these errors were encountered: