From 916c048a41c93776cc3fe2988ea59e7c3a299d3c Mon Sep 17 00:00:00 2001 From: Sergii Bezliudnyi Date: Wed, 24 Jun 2026 10:40:03 +0200 Subject: [PATCH 1/2] docs(dns-monitors): document the HTTPS (RFC 9460) record type Add HTTPS to the supported record types and the DnsMonitor construct reference, plus an HTTPS JSON-response accordion and an HTTP/3 monitoring use case in the configuration page (assert alpn contains h3 via a text-answer capture group; ipv4hint/ipv6hint present). --- constructs/dns-monitor.mdx | 4 +- .../dns-monitors/configuration.mdx | 54 ++++++++++++++++++- .../dns-monitors/overview.mdx | 1 + 3 files changed, 56 insertions(+), 3 deletions(-) diff --git a/constructs/dns-monitor.mdx b/constructs/dns-monitor.mdx index 382cf9cf..7dc6b7f1 100644 --- a/constructs/dns-monitor.mdx +++ b/constructs/dns-monitor.mdx @@ -17,7 +17,7 @@ Before creating DNS Monitors, ensure you have: - An initialized Checkly CLI project - A domain or hostname you want to monitor -- Basic understanding of DNS record types (A, AAAA, CNAME, MX, NS, TXT, SOA) +- Basic understanding of DNS record types (A, AAAA, CNAME, MX, NS, TXT, SOA, HTTPS) For additional setup information, see [CLI overview](/cli/overview). @@ -121,7 +121,7 @@ new DnsMonitor("dns-monitor", { | Parameter | Type | Required | Default | Description | |-----------|------|----------|---------|-------------| | `query` | `string` | ✅ | - | The DNS query (domain name or IP address) | -| `recordType` | `DnsRecordType` | ✅ | - | DNS record type: A, AAAA, CNAME, MX, NS, TXT, SOA | +| `recordType` | `DnsRecordType` | ✅ | - | DNS record type: A, AAAA, CNAME, MX, NS, TXT, SOA, HTTPS | | `nameServer` | `string` | ❌ | - | Custom DNS server to query (e.g. "9.9.9.9") | | `port` | `number` | ❌ | `53` | Port of the DNS server | | `protocol` | `DnsProtocol` | ❌ | `UDP` | Protocol to use: UDP or TCP | diff --git a/detect/uptime-monitoring/dns-monitors/configuration.mdx b/detect/uptime-monitoring/dns-monitors/configuration.mdx index f6a0d442..c852810f 100644 --- a/detect/uptime-monitoring/dns-monitors/configuration.mdx +++ b/detect/uptime-monitoring/dns-monitors/configuration.mdx @@ -288,8 +288,48 @@ Common assertions: - Text response contains expected serial number + +HTTPS records carry [SvcParams](https://www.rfc-editor.org/rfc/rfc9460) — the +parameters a browser uses to connect over HTTP/3 on its first request (`alpn`, +`ipv4hint`/`ipv6hint`, `ech`, …). The whole record is rendered into the `data` +field in DNS presentation format. + +```json +{ + "Answer": [ + { + "name": "savearoundtrip.com.", + "type": "HTTPS", + "TTL": 300, + "data": "1 . alpn=\"h3,h2\" ipv4hint=\"203.0.113.10\" ipv6hint=\"2001:db8::10\"" + } + ], + "Question": [ + { + "name": "savearoundtrip.com.", + "type": "HTTPS" + } + ], + "Status": "NOERROR" +} +``` + +Common assertions: +- Text answer with the regex `alpn="([^"]*)"` contains `h3` - verify HTTP/3 is advertised (the capture group scopes the match to the `alpn` value) +- Text answer with the regex `alpn="([^"]*)"` contains `h2` - verify HTTP/2 is advertised +- `$.Answer[0].data` contains `ipv4hint` - verify IPv4 address hints are published +- `$.Answer[0].data` contains `ipv6hint` - verify IPv6 address hints are published + + +Use a text-answer **capture group** (`alpn="([^"]*)"`) rather than a bare +`contains('h3')` over the whole record. A bare substring check can false-match +unrelated bytes such as an `ipv4hint` octet or the `ech` blob; the capture group +scopes the match to the advertised protocols. + + + -**Record type support**: DNS monitors currently support A, AAAA, CNAME, MX, NS, SOA, and TXT record types. Additional record types (SRV, CAA, PTR, etc.) may be added in future updates. +**Record type support**: DNS monitors currently support A, AAAA, CNAME, MX, NS, SOA, TXT, and HTTPS record types. Additional record types (SRV, CAA, PTR, etc.) may be added in future updates. ### Response Time Limits @@ -383,3 +423,15 @@ For DMARC: - **Assertions**: - `$.Answer[0].data` equals `ns1.example.com.` or `ns2.example.com.` + + +**Scenario**: Publishing an HTTPS DNS record lets browsers connect over HTTP/3 (QUIC) on the first request, saving a round trip. Monitor that the record stays published and keeps advertising `h3`. + +**Configuration**: +- **Domain**: `example.com` +- **Record type**: HTTPS +- **Assertions**: + - Response code equals `NOERROR` (the record resolves) + - Text answer with regex `alpn="([^"]*)"` contains `h3` (HTTP/3 advertised) + - `$.Answer[0].data` contains `ipv4hint` (IPv4 address hints published) + diff --git a/detect/uptime-monitoring/dns-monitors/overview.mdx b/detect/uptime-monitoring/dns-monitors/overview.mdx index 38cc25f9..8dc2838f 100644 --- a/detect/uptime-monitoring/dns-monitors/overview.mdx +++ b/detect/uptime-monitoring/dns-monitors/overview.mdx @@ -74,6 +74,7 @@ DNS monitors support the following DNS record types: - **NS**: Nameserver records - **SOA**: Start of authority records - **TXT**: Text records (SPF, DKIM, DMARC, etc.) +- **HTTPS**: HTTPS service binding records ([RFC 9460](https://www.rfc-editor.org/rfc/rfc9460)) — advertise HTTP/3 (`alpn`), address hints (`ipv4hint`/`ipv6hint`), and Encrypted Client Hello (`ech`) ## DNS Monitor Results From c76381dad9b70898532da50f3622c07c0def793f Mon Sep 17 00:00:00 2001 From: Sergii Bezliudnyi Date: Wed, 24 Jun 2026 11:12:56 +0200 Subject: [PATCH 2/2] docs(dns-monitors): use is.checkly.online in the HTTPS example Swap the savearoundtrip.com example for is.checkly.online (a Checkly-owned domain that advertises HTTP/3), matching the page's real-domain examples; use its actual ipv4hint/ipv6hint values. --- detect/uptime-monitoring/dns-monitors/configuration.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/detect/uptime-monitoring/dns-monitors/configuration.mdx b/detect/uptime-monitoring/dns-monitors/configuration.mdx index c852810f..80b7cb2b 100644 --- a/detect/uptime-monitoring/dns-monitors/configuration.mdx +++ b/detect/uptime-monitoring/dns-monitors/configuration.mdx @@ -298,15 +298,15 @@ field in DNS presentation format. { "Answer": [ { - "name": "savearoundtrip.com.", + "name": "is.checkly.online.", "type": "HTTPS", "TTL": 300, - "data": "1 . alpn=\"h3,h2\" ipv4hint=\"203.0.113.10\" ipv6hint=\"2001:db8::10\"" + "data": "1 . alpn=\"h3,h2\" ipv4hint=\"188.114.96.0,188.114.97.0\" ipv6hint=\"2a06:98c1:3120::,2a06:98c1:3121::\"" } ], "Question": [ { - "name": "savearoundtrip.com.", + "name": "is.checkly.online.", "type": "HTTPS" } ],