DNS resolve depending on service.
I need to resolve a domain to a particular address depending on service; essentially:
HTTPS (Browser) -> CloudFlare
Elsewise -> Origin server
As far as I can tell there are no RRs that could coerce this behaviour; I considered SRV's but browsers don't consider them, and URI records are seemingly obsolete.
One option would be to map both the origin and CF. The main problem here is that, the particular non-HTTPS client software just relies on whatever address is returned by
gethostaddr() and assumes there's only one (unlike browsers, which will attempt others). Relying on the undefined ordering of A records (and everything above to get to gethostaddr()) would be very hacky.
The last resort would be doing HTTP redirection at the origin, redirecting to HTTPS/CF.2 Replies
If the other service other then https supports srv records like minecraft that works well.
Otherwise there's not really a great free solution for this. Spectrum Enterprise lets you do port 443/80 http pipeline and point other ports as other services, but Enterprise. You'd need something like that essentially, if not just running both services on the same host.
Eventually there's been talk about this being possible with svcb records/https records, Akamai has been pushing it: https://datatracker.ietf.org/doc/rfc9460/, https://community.akamai.com/customers/s/article/NetworkOperatorCommunityNewSVCBHTTPSResourceRecordsinthewild20201128135350?language=en_US. I haven't poked around it too much but my understanding is it's a specific feature of https/svcb spec that either chrome/firefox want to support right now, although they're still trying. Maybe one day
Unfortunately for backwards compatibility reasons we need to maintain this simplistic behaviour, elsewise we could indeed just use srv records or something else in the non-HTTP software.
Spectrum would be overkill in this case, but thanks for pointing out that RFC; would indeed be nice to have in the future.