A First Look at SVCB and HTTPS DNS Resource Records in the Wild

by   Johannes Zirngibl, et al.

The Internet Engineering Task Force is standardizing new DNS resource records, namely SVCB and HTTPS. Both records inform clients about endpoint and service properties such as supported application layer protocols, IP address hints or Encrypted Client Hello (ECH) information. Therefore, they allow clients to reduce required DNS queries and potential retries during connection establishment and thus help to improve the quality of experience and privacy of the client. The latter is achieved by reducing visible meta-data, which is further improved with encrypted DNS and ECH. The standardization is in its final stages and companies announced support, e.g., Cloudflare and Apple. Therefore, we provide the first large-scale overview of actual record deployment by analyzing more than 400 M domains. We find 3.96 k SVCB and 10.5 M HTTPS records. As of March 2023, Cloudflare hosts and serves most domains, and most records only contain Application-Layer Protocol Negotiation (ALPN) and IP address hints. Besides Cloudflare, we see adoption by a variety of authoritative name servers and hosting providers indicating increased adoption in the near future. Lastly, we can verify the correctness of records for more than 93 layer scans.


page 1

page 2

page 3

page 4


Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS

The Domain Name System (DNS) is the foundation of a human-usable Interne...

Saving Brian's Privacy: the Perils of Privacy Exposure through Reverse DNS

Given the importance of privacy, many Internet protocols are nowadays de...

Oblivious DNS: Practical Privacy for DNS Queries

Every Internet communication typically involves a Domain Name System (DN...

Oh SSH-it, what's my fingerprint? A Large-Scale Analysis of SSH Host Key Fingerprint Verification Records in the DNS

The SSH protocol is commonly used to access remote systems on the Intern...

Evaluating DNS Resiliency and Responsiveness with Truncation, Fragmentation DoTCP Fallback

Since its introduction in 1987, the DNS has become one of the core compo...

One to Rule them All? A First Look at DNS over QUIC

The DNS is one of the most crucial parts of the Internet. Since the orig...

Exploring HTTPS Security Inconsistencies: A Cross-Regional Perspective

If two or more identical HTTPS clients, located at different geographic ...

Please sign up or login with your details

Forgot password? Click here to reset