Netgate Discussion Forum

    Using SVCB and HTTPS records in bind DNS

    • champagnecharly

      I'm very new to pfSense and DNS in general.
      What I would like to achieve is for a user to enter

      example.lan
      

      and for it to be directed to

      example.lan:PORT
      

      I tried adding

      _http._tcp.lan IN SRV 0 0 PORT example.lan.
      

      amongst others within the custom config of the zone subsection of DNS.
      Testing using cmd returned the following:

      nslookup -q=SRV example.lan
      Server:  UnKnown
      Address:  DNS_IP
      
      
      lan
              primary name server = lan
              responsible mail addr = lan
              serial  = 2779728683
              refresh = 86400 (1 day)
              retry   = 7200 (2 hours)
              expire  = 2419200 (28 days)
              default TTL = 3600 (1 hour)
      
      

      Later I found that browsers cannot handle SRV. Is this the case?

      So is SVCB able to provide the functionality I am looking for? Can it be used in custom config? And can it work with http as well as https? I have tried the following, however the browser will not or does not appear to forward to the addr+port.

      _PORT_tcp.example.lan. 3600 IN SVCB 0 example.lan.
      

      nslookup type64 doesn't seem to be recognised in cmd or PowerShell.
      Attempting with Linux:

      # nslookup type=type64 music.lan
      ;; communications error to 192.168.2.10#53: connection refused
      ;; communications error to 192.168.2.10#53: connection refused
      ;; communications error to 192.168.2.10#53: connection refused
      ;; no servers could be reached
      

      Maybe I am missing something, but no errors would indicate no major issue; however, again I am not getting forwarded to the correct port.

      Does anybody have any ideas or can tell me where I am going wrong, please?

      • champagnecharly

        OK, so I had made a few errors.

        nslookup type=type64 music.lan
        

        should be:

        nslookup -type=type64 music.lan
        

        missing the - before type so


        _PORT_tcp.example.lan. 3600 IN SVCB 0 example.lan.
        

        should be:

        example.lan. 3600 IN SVCB 1 example.lan. port=XXXX
        

        The port is specified after, along with other params,
        a . after the address to be explicit,
        and 1 for priority, not zero, as it's not an alias. And when an alias is required, params don't work.


        whilst there are many others.. i found a great resource here:
        link text

        However, whilst nslookup & dig find the record, the browser(s) do(es) not. Disappointing.

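Added example, not part of either poster's messages and not Netgate or BIND code: a small Python check of the rules the post above arrives at (priority 0 is alias mode and takes no params, names carry the trailing dot, the port goes in a `port=` param). The function name `lint_svcb`, the underscore-label heuristic and the port value 8096 are assumptions of this example.

```python
# RFC 9460 type codes; HTTPS (65) is the SVCB-compatible type for http/https.
RR_TYPES = {"SVCB": 64, "HTTPS": 65}
# SvcParamKeys registered by RFC 9460.
SVC_PARAM_KEYS = {"mandatory", "alpn", "no-default-alpn", "port",
                  "ipv4hint", "ech", "ipv6hint"}


def lint_svcb(line):
    """Check one zone-file SVCB/HTTPS line; return (mode, problems)."""
    tokens = line.split()
    idx = next((i for i, t in enumerate(tokens) if t.upper() in RR_TYPES), None)
    if idx is None or idx == 0 or len(tokens) < idx + 3:
        return None, ["not a complete SVCB/HTTPS record"]
    owner, prio, target = tokens[0], tokens[idx + 1], tokens[idx + 2]
    if not prio.isdecimal() or int(prio) > 65535:
        return None, ["SvcPriority must be an integer 0-65535"]
    # SvcPriority 0 selects AliasMode; any other value is ServiceMode.
    mode = "alias" if int(prio) == 0 else "service"
    problems = []
    for name, what in ((owner, "owner"), (target, "TargetName")):
        if not name.endswith("."):
            problems.append(f"{what} is relative, zone origin will be appended")
    # Heuristic of this example: prefix labels are written _port._scheme,
    # so a second underscore inside one label suggests a missing dot.
    for label in owner.split("."):
        if label.startswith("_") and "_" in label[1:]:
            problems.append(f"label {label} is not in _port._scheme form")
    keys = set()
    for param in tokens[idx + 3:]:
        key, _, value = param.partition("=")
        if key not in SVC_PARAM_KEYS and not (key[:3] == "key" and key[3:].isdecimal()):
            problems.append(f"unknown SvcParamKey {key}")
        keys.add(key)
        if key == "port" and not (value.isdecimal() and int(value) <= 65535):
            problems.append("port must be an integer 0-65535")
    if mode == "alias" and keys:
        problems.append("AliasMode record carries SvcParams, which are ignored")
    return mode, problems


# Records from the thread; the port value 8096 is constructed for this example.
SAMPLES = [
    "_PORT_tcp.example.lan. 3600 IN SVCB 0 example.lan.",
    "example.lan. 3600 IN SVCB 1 example.lan. port=8096",
    "example.lan. 3600 IN SVCB 0 example.lan. port=8096",
]

if __name__ == "__main__":
    print(*[(s, lint_svcb(s)) for s in SAMPLES], sep="\n")
```

Running it on a record before reloading the zone shows whether the line will be read as an alias or as a service record with a port.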
        • patient0 @champagnecharly

          @champagnecharly prefix I never used it but found it an interesting feature:

          Clients do have to support SVCB and asking the internet about it, it tells me that Chrome and Firefox should support it. In the below serverfault link it's mentioned that e.g. the feature is not enabled per default for Firefox.

          https://serverfault.com/questions/1151933/how-does-a-web-browser-use-a-https-or-svcb-dns-resource-record-rr and the answer that mentioned how to enable it in Firefox: https://serverfault.com/a/1163666. The article is older (end of 2024) so it may have changed.

          Addition: Firefox 151.0.2 on macOS has it "network.dns.native_https_query" enabled per default.

          • champagnecharly @patient0

            @patient0 Thanks. I did come across that and dl Firefox. Sadly no Mac to hand and the settings in Firefox still don't allow for resolution.

            Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.