HTTPS record

Last change on 2025-10-07 • Created on 2025-10-07 • ID: NE-9A147

Usage

HTTPS records point (sub)domains to (sub)domains. The HTTPS record can also include connection parameters (e.g. IP addresses).

Example:

Type Name (use @ for root) Priority Value Parameter TTL
HTTPS @ 0 example.com. ipv4hint=203.0.113.1 alpn="h3,h2"
HTTPS shop 0 shop.example.com.
A shop 198.51.100.1
Server 1
IP
🌐
203.0.113.1
example.com
Server 2
IP
🛒
198.51.100.1
shop.example.com

Description

ℹ   Formatting convention for domains in DNS records
No period at the end of the (sub)domain
The zone itself is appended automatically at the end of the entry (e.g. www is interpreted as www.example.com).

Period at the end of the (sub)domain
The entry is used exactly as provided and no domain suffix is appended (e.g. www.example.com. is interpreted as www.example.com).

More information

HTTPS records are a variant of SVCB records (service binding) that are explicitly meant for HTTPS connections. When a client that supports HTTPS records sends a DNS query, it will first check whether an HTTPS record is available for the requested domain. Only afterwards, it will check for A and AAAA records.

  • If an HTTPS record is available and contains an IP hint, the client will establish a connection to that IP address using the connection parameters defined in the HTTPS record.

  • If an HTTPS record is available and does not contain an IP hint, the client will retrieve the IP address via an A and AAAA record. The client will establish a connection to that IP address, still using the connection parameters defined in the HTTPS record.

HTTPS record available No HTTPS record available
When the client connects to the domain for the first time, it will use HTTPS. It does not matter whether the IP address is obtained from an IP hint or from an A/AAAA record. When the client connects to the domain for the first time, it will use HTTP.
When the client establishes the connection, it uses the connection parameters provided in the HTTPS record. When the client establishes the connection, it does not have any additional information regarding connection parameters such as port or supported protocols.

The client (browser) has to support HTTPS records. If a client doesn't support HTTPS records, it won't check if an HTTPS record is available and all requests are treated as if there is no HTTPS record — even if there is. For this reason, you should always add an A record, even if your HTTPS record includes an IPv4 hint.

Table of Contents