    What Is an HTTPS Record

    Learn how HTTPS records enable faster connections with HTTP/3, ECH, and connection hints. Includes examples for the DNScale dashboard and API.

    An HTTPS record is a specialized DNS record type that provides connection information for HTTPS services. It enables browsers to connect more efficiently by advertising support for HTTP/3, Encrypted Client Hello (ECH), and providing connection hints—all in a single DNS query.

    How HTTPS Records Work

    HTTPS records are a specific use of the more general SVCB (Service Binding) record type:

    example.com.    3600    HTTPS    1 . alpn="h3,h2" ipv4hint=192.0.2.1 ipv6hint=2001:db8::1

    This tells browsers:

    • Connect to the same hostname (. = use the query name)
    • Server supports HTTP/3 (h3) and HTTP/2 (h2)
    • Server IPs are 192.0.2.1 (IPv4) and 2001:db8::1 (IPv6)

    Benefits of HTTPS Records

    1. Faster Connections

    Browsers receive all connection parameters in one DNS query instead of multiple round trips.

    2. HTTP/3 Discovery

    Browsers can attempt HTTP/3 (QUIC) connections immediately, without needing an Alt-Svc header first.

    3. Encrypted Client Hello (ECH)

    Publishes the ECH configuration that lets clients encrypt the TLS ClientHello, including the SNI, to hide which site you're connecting to.

    4. No HSTS Preload Required

    The presence of an HTTPS record tells supporting clients to use HTTPS for the origin, without relying on browser preload lists.

    5. IP Address Hints

    Provide IP addresses directly, potentially saving an A/AAAA lookup.

    Record Components

    Priority

    • 0 = Alias mode (like CNAME for HTTPS)
    • 1-65535 = Service mode (connection parameters)

    Target

    • . = Same as query name
    • Hostname = Redirect to different host

    Service Parameters (SvcParams)

    Parameter        Description                    Example
    alpn             Application protocols          h3,h2
    port             Non-standard port              8443
    ipv4hint         IPv4 address hints             192.0.2.1
    ipv6hint         IPv6 address hints             2001:db8::1
    ech              Encrypted Client Hello config  Base64 config
    no-default-alpn  Disable default protocols      (flag)

    Common Use Cases

    Basic HTTPS Record with HTTP/3

    example.com.        3600    HTTPS    1 . alpn="h3,h2"
    www.example.com.    3600    HTTPS    1 . alpn="h3,h2"

    With IP Address Hints

    example.com.    3600    HTTPS    1 . alpn="h3,h2" ipv4hint=192.0.2.1 ipv6hint=2001:db8::1

    Alias Mode (HTTPS CNAME)

    Point apex to a CDN without using CNAME:

    example.com.    3600    HTTPS    0 cdn.example.net.

    Non-Standard Port

    api.example.com.    3600    HTTPS    1 . alpn="h3,h2" port=8443

    Multiple Priority Levels (Failover)

    example.com.    3600    HTTPS    1 . alpn="h3,h2"
    example.com.    3600    HTTPS    2 backup.example.com. alpn="h2"

    With ECH (Encrypted Client Hello)

    example.com.    3600    HTTPS    1 . alpn="h3,h2" ech="AEX+DQA..."

    Record Format

    Field     Description             Example
    Name      Domain                  @, www
    Type      Record type             HTTPS
    Priority  Service priority        1
    Target    Target hostname         . (same) or hostname
    Params    Service parameters      alpn="h3,h2"
    TTL       Time to live (seconds)  3600

    Adding an HTTPS Record

    Using the Dashboard

    1. Navigate to your zone in the DNScale dashboard
    2. Click Add Record
    3. Configure the record:
      • Name: Enter subdomain or @ for apex
      • Type: Select HTTPS
      • Priority: Set priority (1 for primary, 0 for alias mode)
      • Target: Use . for same name or enter target hostname
      • ALPN: Enter protocols (e.g., h3,h2)
      • Port: (Optional) Non-standard port
      • IPv4 Hint: (Optional) IPv4 address
      • IPv6 Hint: (Optional) IPv6 address
      • TTL: Set the cache duration (default: 3600)
    4. Click Create Record

    Using the API

    Create a basic HTTPS record:

    curl -X POST "https://api.dnscale.eu/v1/zones/{zone_id}/records" \
      -H "Authorization: Bearer YOUR_API_KEY" \
      -H "Content-Type: application/json" \
      -d '{
        "name": "@",
        "type": "HTTPS",
        "content": "1 . alpn=\"h3,h2\"",
        "ttl": 3600
      }'

    With IP address hints:

    curl -X POST "https://api.dnscale.eu/v1/zones/{zone_id}/records" \
      -H "Authorization: Bearer YOUR_API_KEY" \
      -H "Content-Type: application/json" \
      -d '{
        "name": "@",
        "type": "HTTPS",
        "content": "1 . alpn=\"h3,h2\" ipv4hint=192.0.2.1 ipv6hint=2001:db8::1",
        "ttl": 3600
      }'

    Alias mode (HTTPS CNAME):

    curl -X POST "https://api.dnscale.eu/v1/zones/{zone_id}/records" \
      -H "Authorization: Bearer YOUR_API_KEY" \
      -H "Content-Type: application/json" \
      -d '{
        "name": "@",
        "type": "HTTPS",
        "content": "0 cdn.cloudprovider.com",
        "ttl": 3600
      }'

    API Response:

    {
      "status": "success",
      "data": {
        "message": "Record created successfully",
        "record": {
          "id": "encoded-record-id",
          "name": "example.com.",
          "type": "HTTPS",
          "content": "1 . alpn=\"h3,h2\" ipv4hint=192.0.2.1 ipv6hint=2001:db8::1",
          "ttl": 3600,
          "disabled": false
        }
      }
    }

    ALPN Protocol Values

    Value     Protocol
    h3        HTTP/3 (QUIC)
    h2        HTTP/2
    http/1.1  HTTP/1.1

    Recommended order: h3,h2 (prefer HTTP/3, fall back to HTTP/2)

    Alias Mode vs Service Mode

    Alias Mode (Priority 0)

    Works like CNAME but for HTTPS services:

    example.com.    HTTPS    0 cdn.example.net.

    • Points to another hostname
    • Inherits target's HTTPS configuration
    • Works at apex domain

    Service Mode (Priority 1+)

    Provides direct connection parameters:

    example.com.    HTTPS    1 . alpn="h3,h2"

    • Specifies connection details
    • Can include IP hints
    • Multiple records for failover
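
    How a client would order the failover and alias-mode record sets described above, as an added example (not DNScale's or any browser's code). The function name and tuple layout are hypothetical; alias precedence, the random shuffle within a priority level and the http/1.1 default protocol follow RFC 9460 rather than this page.

```python
import random

DEFAULT_PORT = 443
DEFAULT_ALPN = ["http/1.1"]  # default protocol set for HTTPS records (RFC 9460)


def connection_plan(owner, rrset, rng=random):
    """Order an HTTPS RRset into the endpoints a client would try.

    rrset is a list of (priority, target, params) tuples, where params is a
    dict such as {"alpn": "h3,h2", "port": "8443"}.
    """
    aliases = [rr for rr in rrset if rr[0] == 0]
    if aliases:
        # Alias mode wins: service-mode records in the same set are ignored
        # and the client repeats the HTTPS lookup at the alias target.
        return [{"follow": rng.choice(aliases)[1].rstrip(".")}]
    records = list(rrset)
    rng.shuffle(records)                # random order among equal priorities
    records.sort(key=lambda rr: rr[0])  # stable sort: lowest number first
    plan = []
    for priority, target, params in records:
        alpn = [p for p in params.get("alpn", "").split(",") if p]
        if "no-default-alpn" not in params:
            alpn += [p for p in DEFAULT_ALPN if p not in alpn]
        plan.append({
            "host": owner if target == "." else target.rstrip("."),
            "port": int(params.get("port", DEFAULT_PORT)),
            "alpn": alpn,
            "hints": [h for key in ("ipv4hint", "ipv6hint")
                      for h in params.get(key, "").split(",") if h],
        })
    return plan


# Constructed sample: the page's failover RRset, listed out of order on purpose
FAILOVER = [
    (2, "backup.example.com.", {"alpn": "h2"}),
    (1, ".", {"alpn": "h3,h2"}),
]
```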

    Best Practices

    1. Always include ALPN - Browsers need protocol information; alpn="h3,h2" is standard

    2. Use IP hints for performance - Saves additional DNS lookups

    3. Keep A/AAAA records - HTTPS records don't replace A/AAAA; maintain both for compatibility

    4. Start with priority 1 - Use lower numbers for higher priority

    5. Test browser support - Verify with Chrome/Firefox DevTools that HTTPS records are being used

    6. Use alias mode for CDN - Priority 0 is ideal for pointing apex to CDN providers
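
    A pre-submission check for the content strings used in the API calls above, written as an added example (not DNScale's code). Function names are hypothetical; the priority, port, ALPN and hint checks follow the Record Components section and these best practices, while the alias-mode and no-default-alpn rules come from RFC 9460 rather than this page.

```python
import ipaddress
import shlex

KNOWN_ALPN = {"h3", "h2", "http/1.1"}  # the values in this page's ALPN table


def parse_https_content(content):
    """Split '<priority> <target> [key[=value] ...]' into its three parts."""
    fields = shlex.split(content)  # shlex strips the quotes in alpn="h3,h2"
    if len(fields) < 2:
        raise ValueError("need at least a priority and a target")
    params = {}
    for field in fields[2:]:
        key, _, value = field.partition("=")
        if key in params:
            raise ValueError(f"duplicate parameter: {key}")
        params[key] = value
    return int(fields[0]), fields[1], params


def lint_https_content(content):
    """Return the problems found in one HTTPS record content string."""
    priority, target, params = parse_https_content(content)
    problems = []
    if not 0 <= priority <= 65535:
        problems.append("priority must be 0-65535")
    if priority == 0:  # alias mode
        if params:
            problems.append("alias mode ignores parameters; remove them")
        if target == ".":
            problems.append("alias mode target '.' means 'service unavailable'")
        return problems
    alpn = [p for p in params.get("alpn", "").split(",") if p]
    if not alpn:
        problems.append("service mode record has no alpn")
    problems += [f"alpn value not in known set: {p}" for p in alpn if p not in KNOWN_ALPN]
    if "no-default-alpn" in params and not alpn:
        problems.append("no-default-alpn requires alpn")
    port = params.get("port")
    if port is not None and not (port.isdecimal() and 1 <= int(port) <= 65535):
        problems.append("port must be 1-65535")
    for key, version in (("ipv4hint", 4), ("ipv6hint", 6)):
        for addr in filter(None, params.get(key, "").split(",")):
            try:
                if ipaddress.ip_address(addr).version != version:
                    problems.append(f"{key} has wrong address family: {addr}")
            except ValueError:
                problems.append(f"{key} is not an IP address: {addr}")
    return problems
```

    An ALPN value outside the page's table is reported for review rather than treated as invalid, since other registered protocol IDs exist.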

    Browser Support

    Browser  HTTPS Record Support
    Chrome   ✅ 103+
    Firefox  ✅ 104+
    Safari   ✅ 16+
    Edge     ✅ 103+

    Testing HTTPS Records

    # Query HTTPS records
    dig HTTPS example.com
     
    # Short output (record data only)
    dig HTTPS example.com +short
     
    # Check specific nameserver
    dig HTTPS example.com @ns1.dnscale.eu

    Test in browser:

    1. Open DevTools (F12)
    2. Go to Network tab
    3. Look for "Protocol" column showing h3 or h2

    Related Record Types

    • SVCB - General service binding (HTTPS is the SVCB variant for HTTPS services)
    • A - IPv4 addresses (still needed)
    • AAAA - IPv6 addresses (still needed)
    • CNAME - Traditional aliasing

    Conclusion

    HTTPS records represent the future of web performance optimization, enabling browsers to establish faster, more secure connections. By advertising HTTP/3 support and providing connection hints, HTTPS records eliminate round trips and enable modern protocols from the first connection. DNScale's support for HTTPS records lets you optimize your web presence with cutting-edge DNS features.