anonymousiam 4 hours ago

It would be interesting to set up an http/https server on an alternate port, as documented in section 7.2, and see how many connections it gets. Of course you would need a control using some other http/https server on an undocumented port, so you could tell the difference between connections from port scanners vs. DNS lookups.

Assuming you're running your own DNS server, you could also check the logs to see how many queries you get for the "port" SvcParamKey.

My guess is it will be a very small number.

  • gucci-on-fleek 3 hours ago

    > Assuming you're running your own DNS server, you could also check the logs to see how many queries you get for the "port" SvcParamKey.

    Any DNS responses for an HTTPS/SVCB record will always include all parameters, so you can't really test things that way. But I do run my own DNS server, and in the past 90 days, it issued 206 071 A responses, 122 314 AAAA responses, and 4 426 HTTPS responses, so HTTPS RR requests are still fairly rare.
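
Added example, not part of either comment above: a small parser for the HTTPS/SVCB RDATA wire format from RFC 9460, next to the question a resolver actually sends. It shows why query logs cannot single out `port`: the question holds only a name and a type, and `port` comes back as one SvcParam among the others in the answer. The name `svc.example.net` and the sample record bytes are constructed for illustration.

```python
import struct

# SvcParamKey numbers registered by RFC 9460.
KEYS = {0: "mandatory", 1: "alpn", 2: "no-default-alpn", 3: "port",
        4: "ipv4hint", 5: "ech", 6: "ipv6hint"}

def build_question(name):
    """A DNS question is only QNAME + QTYPE (65 = HTTPS) + QCLASS (1 = IN)."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return qname + struct.pack("!HH", 65, 1)

def read_name(buf, off):
    """Read an uncompressed name; return (name, offset after it)."""
    labels = []
    while off < len(buf):
        n = buf[off]
        if n == 0:
            return ".".join(labels) or ".", off + 1
        if n > 63 or off + 1 + n > len(buf):
            raise ValueError("bad label length")
        labels.append(buf[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    raise ValueError("truncated name")

def parse_svcb_rdata(rdata):
    """Return (priority, target, params) from SVCB/HTTPS RDATA."""
    if len(rdata) < 3:
        raise ValueError("truncated RDATA")
    priority = struct.unpack_from("!H", rdata, 0)[0]
    target, off = read_name(rdata, 2)
    params, last = {}, -1
    while off < len(rdata):
        if off + 4 > len(rdata):
            raise ValueError("truncated SvcParam")
        key, length = struct.unpack_from("!HH", rdata, off)
        value = rdata[off + 4:off + 4 + length]
        if key <= last or len(value) != length:
            raise ValueError("unsorted key or truncated value")
        if key == 3:  # port: one 16-bit integer
            if length != 2:
                raise ValueError("port must be 2 octets")
            value = struct.unpack("!H", value)[0]
        params[KEYS.get(key, f"key{key}")] = value
        off, last = off + 4 + length, key
    return priority, target, params

# Constructed sample RDATA for: svc.example.net. HTTPS 1 . alpn=h2 port=8443
SAMPLE_RDATA = b"\x00\x01\x00" + b"\x00\x01\x00\x03\x02h2" + b"\x00\x03\x00\x02\x20\xfb"
```

To learn whether a client acted on `port`, count connections arriving on the advertised port rather than DNS queries.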