A record and HTTPS record

I have a domain registered with openprovider.eu, that I want to use for a website hosted on readthedocs.io.

The domain is fanaka.pro.

Unfortunately:

• readthedocs.io only supports CNAMEs pointing to their infrastructure, not A records
• openprovider.eu does not support ALIAS/ANAME

This means I can’t set up the domain so that https://fanaka.pro will resolve to readthedocs.io, so I am trying out deSEC, which offers the HTTPS record type.

I think I have set up the CNAME and HTTPS records correctly - does this look correct:

fanaka.pro.	3600	IN	HTTPS	1 readthedocs.io.
fanaka.pro.	3600	IN	NS	ns1.desec.io.
fanaka.pro.	3600	IN	NS	ns2.desec.org.
fanaka.pro.	300	IN	SOA	get.desec.io. get.desec.io. 2025073103 86400 3600 2419200 3600
www.fanaka.pro.	3600	IN	CNAME	readthedocs.io.

I don’t have an A record. I am not sure what I would do with it in this situation. Is one needed?

At present https://www.fanaka.pro works but https://fanaka.pro doesn’t - but maybe it just needs a bit of time to settle down.

Thanks for any advice.

It looks alright. You’re using the HTTPS RR in service mode (priority non-zero) with targetname. Note that support for using a targetname (also in alias mode, with priority zero) is practically non-existent, so you should provide a “classic” way to redirect browsers to the desired target location. Otherwise many visitors will get a “can’t resolve domain name” error. A tiny web server configuration with an A record, just for redirecting to the www subdomain, would do. It doesn’t have to be hosted at the same place as the target domain.

I don’t fully understand that, but it sounds like priority 0 would make more sense so I have changed that.

It won’t make much of a difference, but is not wrong either. What you’re trying to do doesn’t work in the major browsers. Here is a rundown from about a year ago. As far as I can tell not much has changed since then. HTTPS resource record alias mode and service mode with target name cannot be relied upon.