| ▲ | JdeBP 2 days ago | |
I have observed WWW browsers doing HTTPS lookups in my server logs, in 2025. Bad actors do them as well. The sad thing is that the HTTPS resource record type will not upgrade HTTP directed to one domain into HTTPS directed to another domain. The RFC's examples (in section 10 and elsewhere) indicate that this should work. I made one of my WWW sites inaccessible to several modern WWW browsers for a day learning that in practice it does not. One could view this as malicious compliance with section 9, as WWW browser writers have a decades long history, including the famous Chrome, Mozilla, and WebKit bugs, of fighting against DNS mechanisms that fix the apex problem. * https://jdebp.uk/FGA/dns-srv-record-use-by-clients.html#HTTP... A more charitable view is that, this being the 2020s, they simply did not give much attention to the case of HTTP. The idea exists on paper in the RFC, but in practice I wonder whether I am one of just a few people who has actually tried apex aliasing from HTTP to HTTPS (as opposed to aliasing from HTTPS to HTTPS). | ||
| ▲ | arccy a day ago | parent [-] | |
These days it's often fine to not have anything on port 80 at all, just 443 is sufficient for browsers to discover / reach a website. | ||