tf-stage1: Add HTTPS[1] DNS records for speeding up HTTP/3 negotiation

This should have been added in the HTTP/3 commits[2][3], but it was my understanding that it was not supported by Hetzner DNS. It apparently is supported but not documented.

Cloudflare has a blog post[4] explaining how this speeds up HTTP/3 negotiation. Basically, the clients can connect over HTTP/3 right away, rather than having to connect with an older protocol (probably HTTP/2 in our case) and then upgrade to HTTP/3 (based on the Alt-Svc header).

Our domains are HSTS preloaded[1], so it would not speed up HTTPS negotiation in most cases.

[1] https://datatracker.ietf.org/doc/html/rfc9460
[2] 8dfa7e8c ("nginx: Add plumbing for enabling HTTP/3 conditionally")
[3] 28e0f03c ("Enable HTTP/3 for {,aur.,wiki.}archlinux.org")
[4] https://blog.cloudflare.com/speeding-up-https-and-http-3-negotiation-with-dns
[5] https://hstspreload.org/

I want to rollout HTTP/3 to the mirrors next, so this should go in first as I need to add the same record in the dyn_dns role.

added 1 commit

• 9e5b9b45 - tf-state1: Create HTTPS RR for speeding up HTTP/3 negotiation

Compare with previous version

resolved all threads

added 5 commits

• 9e5b9b45...32a8c07a - 4 commits from branch archlinux:master
• 5a178d17 - tf-stage1: Add HTTPS[1] DNS records for speeding up HTTP/3 negotiation

Compare with previous version

marked this merge request as ready

changed title from Draft: tf-state1: Create HTTPS RR for speeding up HTTP/3 negotiation to tf-stage1: Add HTTPS[1] DNS records for speeding up HTTP/3 negotiation

changed the description

added 1 commit

• b82335ca - tf-stage1: Add HTTPS[1] DNS records for speeding up HTTP/3 negotiation

Compare with previous version

mentioned in commit 4861cf0c

merged manually