Add an HTTPS DNS record (and what is it really)
What is an HTTPS DNS record
The short answer: An HTTPS DNS record tells your computer directly how to securely connect to a Web site, without any extra steps. This makes everything faster and more secure.
The comprehensive answer
An HTTPS DNS record is a new type of DNS record, defined in RFC 8484, that helps to optimize and secure the way users connect to Web services over HTTPS. Setting up this type of record properly will enable more efficient and secure connections to your domain name over HTTPS.
This offers several advantages:
Important uses of an HTTPS DNS record
- Secure HTTPS connections: The record allows browsers and apps to more quickly detect that your website supports HTTPS. This allows a secure connection to be made immediately, without first having to redirect through HTTP.
- TLS encrypted communication: It helps set up an encrypted connection (TLS) between your website and the user’s browser without additional DNS queries. This reduces latency by avoiding unnecessary redirects.
- Improved performance:
- Pre-load HTTPS: The record informs clients that your domain name supports HTTPS, so they don’t have to go through an insecure connection first.
- Alternative Services (Alt-Svc): It allows you to send clients to alternative servers, such as a CDN (Content Delivery Network), which improves load time and scalability.
- Enhanced privacy with DoH: The HTTPS DNS record can be used with DNS-over-HTTPS (DoH), a privacy-oriented method that ensures DNS queries are encrypted so no one can eavesdrop on them.
- HTTP/3 (QUIC) support: If your website supports HTTP/3 (based on the QUIC protocol), you can specify this in the HTTPS DNS record so that browsers and apps use it. This makes for faster and more stable connections, especially on mobile networks.
Here’s how to add an HTTPS DNS record
- Go to My Domains in the My Hosting.NL Dashboard
- Select the domain name in question and then click on DNS Management
- Then click on the ‘Green box with the plus sign’ to add a new record
- Enter the information below in the window:
- Name: For example, janjansen.com, www.janjansen.nl or cdn.janjansen.com
- Type: select the HTTPS type of record
- Content:
- Example 1:
1 . alpn=h3,h2 - Example 2:
1 . alpn=h3,h2 port=91 ipv4hint=1.2.3.4
- Example 1:
- Priority: for HTTPS DNS records, leave this field blank
- Click Add to add your new record.
A general example of an HTTPS DNS record looks like this:
www.janjansen.nl. 3600 IN HTTPS 1 . alpn=h3,h2 ipv4hint=1.2.3.4,9.8.7.6 ipv6hint=2001:db8:3333:4444:5555:6666:7777:8888,2001:db8:3333:4444:CCCC:DDDD:EEEE:FFFF
- www.janjansen.nl is the domain name
- 1800 is the Time To Live (TTL).
- HTTPS is the DNS record type
- 1 is the priority
- . is the target domain. A dot means that the target is the same as the domain name
- alpn=h3,h2 indicates which HTTP(S) protocols are allowed
- ipv4hint=1.2.3.4,9.8.7.6 (optional) specifies an ipv4 hint that does not require a client to make an additional query to retrieve an A record
- ipv6hint=2001:db8:3333:4444:5555:6666:7777:8888,2001:db8:3333:4444:CCCC:DDDD:EEEE:FFFF (optional) specifies an ipv6 hint that does not require a client to do an additional query to retrieve an A record
A practical example of an HTTPS DNS record:
home.janjansen.nl 1800 IN HTTPS 1 . alpn=h3,h2 ipv4hint=1.2.3.4 ipv6hint=2001:db8:3333:4444:5555:6666:7777:8888 port=91This practical example specifies that home.janjansen.co.uk supports both HTTP/2 (h2) and HTTP/3 (h3), that via IPv4 connection should be made to 1.2.3.4, via IPv6 to 2001:db8:3333:4444:5555:6666:7777:8888, and that clients should connect via port 91.
