Use of HTTPS Resource Records

Very cool. It&#x27;s a bummer it only works in Firefox with DoH, though. I couldn&#x27;t find an explanation for why that is in the associated changeset[1].<p>(I would use DoH on my devices, but I run a local resolver for filtering purposes. The local resolver then connects to a global NS via DoH, but my local devices use plain old DNS.)<p>[1]: <a href="https:&#x2F;&#x2F;bugzilla.mozilla.org&#x2F;show_bug.cgi?id=1623126" rel="nofollow">https:&#x2F;&#x2F;bugzilla.mozilla.org&#x2F;show_bug.cgi?id=1623126</a>

This prompted me to try adding an HTTPS record for my home website. Worked fine in bind, didn&#x27;t take much work. Between A, AAAA, and HTTPS it is getting to be quite a lot to maintain vs the days of just having an A record. Of course, just having an A record is still a valid option (for now) if that&#x27;s your main concern.

I recently added HTTPS records to all of my domains, along with HTTP&#x2F;3.<p>From query statistics, I see that around 15% of the queries are for HTTPS records, 30-35% for A and AAAA records, and the rest for RR types like NS, TXT, etc. Browsers make HTTPS requests in addition to the A&#x2F;AAAA, so this makes sense.<p>In an ideal world, the ipv4&#x2F;ipv6hints do the job if A and AAAA records, so a browser will only need to make an HTTPS request.

Cool! I had no idea this was a thing. Looks way more elegant than HSTS and all that mess.<p>Whats the status on DNSSEC? Last I checked, it was a bit of a mess as far as protocols go.

Is there any guide for setting up ECH? Are we waiting for support in HTTPS server software?