Solving unsecure initial connections with new HTTPS and NS2 DNS RRs


Per November 7th 2020, JCloud has enabled the two new DNS records named HTTPS and NS2. These records are based on the draft standards https://tools.ietf.org/html/draft-ietf-dnsop-svcb-httpssvc-03 and https://datatracker.ietf.org/doc/html/draft-tapril-ns2-01
When used, a client will go directly to TLS/encrypted mode without having to do the traditional unsecure upgrade/redirect from unencrypted/http to encrypted/https mode. It also supports parameters that can tell the client to use HTTP/3, DNS-TLS/DoH/DoT, ESNI pinning etc.

As of today there are very few known providers supporting these standards, but Apple enabled it on IOS version 14 so it is already extensively used on smartphones.

JCloud will add NS2 records to all customer domains shortly.
JClouds certificate service will add HTTPS records for all hostnames requesting certificate automatically, so there is no work needed to enable these new records.