DNS HTTPS records are a new type of DNS record that enables automatic discovery of HTTPS configuration and alternative services for web connections. These records help improve web performance and security by providing information about supported protocols, ports, and service parameters directly through DNS.
HTTPS records, defined in RFC 9460, provide a way to signal HTTPS support and configuration for a domain directly through DNS. These records can indicate alternative service endpoints, supported protocols (like HTTP/2 or HTTP/3), and other connection parameters that help browsers establish optimal connections.
HTTPS records include priority and weight values for service selection, along with service parameters that can specify port numbers, protocol versions, and other connection hints. This enables intelligent client behavior such as attempting HTTP/3 connections when available or connecting to alternative endpoints for better performance.
When a browser or other HTTP client needs to connect to a website, it can query for HTTPS records in addition to traditional A and AAAA records. The HTTPS record provides hints about the best way to establish the connection, including information about supported protocols and alternative service endpoints.
HTTPS records can indicate support for newer protocols like HTTP/3 over QUIC, specify alternative port numbers, or point to CDN endpoints that might provide better performance. This allows for automatic protocol negotiation and service discovery without requiring additional round trips.
The use of HTTPS records can significantly improve web performance by enabling faster connection establishment and automatic selection of the best available protocols. They also provide a path for deploying new web technologies while maintaining backward compatibility with older clients.
Here's what an HTTPS record looks like for the domain example.com:
