Features

Announcing Support for Service Binding (SVCB and HTTPS) Records

Anthony Eden's profile picture Anthony Eden on

This week we are announcing support for Service Binding Records record types in DNSimple. SVCB and HTTPS DNS records, standardized in RFC 9460, give clients the information they need to connect to HTTP services before a connection is established. That means better performance, stronger privacy, and RFC-compliant aliasing at the zone apex without relying on CNAME.

SVCB and HTTPS DNS records are among the most requested modern DNS features. With support in DNSimple, you can publish service binding information for your origins, signal HTTP/3 (QUIC) support, and delegate HTTPS traffic to CDNs or hosting providers at the apex using an RFC-compliant method. Browsers and other HTTP clients that support these records can connect more efficiently and avoid extra round trips.

What are SVCB and HTTPS DNS records?

SVCB (DNS RR type 64) is a general-purpose record type that describes how to reach a service. Each record can point to an alternative endpoint (by name) and attach parameters such as port, supported protocols (ALPN), and optional IP hints. SVCB supports two modes:

  • AliasMode (priority 0): The record aliases the service to another domain name, similar in spirit to CNAME but scoped to a specific service and allowed at the zone apex.
  • ServiceMode (priority > 0): The record describes an endpoint and its parameters (e.g., port, ALPN, ipv4hint/ipv6hint).

HTTPS (DNS RR type 65) is an SVCB-compatible type dedicated to HTTP. For https:// (and upgraded http://) origins, clients query for HTTPS records using the origin hostname directly (no underscore prefix for port 443). That makes HTTPS records easy to use with wildcards and CNAMEs. In addition to the same aliasing and parameter binding as SVCB, the presence of an HTTPS DNS record signals that clients should use the https scheme for that origin, similar to HSTS.

Why use SVCB and HTTPS DNS records?

SVCB and HTTPS DNS records offer several benefits:

  • Performance: Clients learn preferred protocols (e.g., HTTP/3) and endpoints in one DNS lookup, reducing connection setup time and avoiding failed attempts to less optimal endpoints.
  • Privacy: When used with a privacy-preserving DNS transport (e.g., DNS over HTTPS or DNS over TLS), service binding information is not exposed to the same degree as with multiple visible connection attempts.
  • Apex aliasing: You can alias an apex domain (e.g., example.com) to a CDN or host without CNAME. CNAME is not allowed at the apex wheres HTTPS AliasMode is.
  • Parameter binding: Each endpoint can declare its own port, ALPN set, and optional IP hints, so different backends (e.g., primary vs backup) can advertise different capabilities in a single RRset.

For more on how clients use these records, see RFC 9460.

HTTPS and ALIAS records

Apex aliasing can also be accomplished with ALIAS records in DNSimple, a properietary type that we have supported for over a decade. ALIAS and HTTPS records each have their benefits and drawbacks. You can read more about the differenced between them in our support document on the Differences Between HTTPS and ALIAS Records.

How to create SVCB and HTTPS DNS records in DNSimple

You can create and manage Service Binding records from both the DNSimple UI and API.

Using the UI record editor

The record editor offers two modes:

  • Simple editor: Enter the full record content in a single field (SvcPriority, TargetName, and SvcParams in zone-file format).
  • Advanced editor: Set Priority, Target, and SvcParams in separate fields. Supported SvcParam keys include the standard ones (e.g., alpn, port, ipv4hint, ipv6hint) and custom keys using the keyNNNNN format from RFC 9460.

Input is validated per RFC 9460 (SvcPriority, TargetName, and SvcParams), and the live preview updates as you type.

  1. Open your domain and go to the DNS management page.
  2. Click "Add Record" and choose "SVCB" or "HTTPS" from the record type list.
  3. Enter the record name (leave blank or use @ for the zone apex for HTTPS on port 443).
  4. Set Priority: 0 for AliasMode (alias to TargetName only), or a positive value for ServiceMode.
  5. Set Target: The domain name of the alias target (AliasMode) or the endpoint (ServiceMode). Use . in ServiceMode to mean "use the record owner name as the endpoint."
  6. Optionally add SvcParams (e.g., alpn=h2,h3, port=443, ipv4hint=192.0.2.1, ipv6hint=2001:db8::1). Format is key=value pairs, space-separated.
  7. Set TTL and save.

Example

To alias https://example.com to a CDN at pool.svc.example.net, add an HTTPS record at the apex with priority 0 and target pool.svc.example.net. To advertise HTTP/3 for the same origin, add an HTTPS record with priority 1, target ., and SvcParams alpn=h2,h3.

Using the API

Create SVCB or HTTPS DNS records with the existing DNSimple zone record API. Example:

curl -X POST "https://api.dnsimple.com/v2/{account}/zones/{zone}/records" \
  -H "Authorization: Bearer {token}" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "",
    "type": "HTTPS",
    "content": "1 . alpn=h2,h3",
    "ttl": 3600
  }'

The content field uses the same presentation format as in zone files: SvcPriority TargetName SvcParams. For SVCB, the name may include the Attrleaf prefix (e.g., _8443._https for port 8443). Our Terraform provider and API clients (including the Ruby client) support SVCB and HTTPS records, so you can manage them in code and infrastructure as usual.

Provider support and zone management

In our Domain Control Plane, provider synchronization for SVCB and HTTPS records is as follows:

  • Route53: Full SVCB/HTTPS sync support
  • CoreDNS: Full SVCB/HTTPS sync support
  • Azure DNS: Does not support SVCB/HTTPS records

Zone file import and export include SVCB and HTTPS records (round-trip verified). Inbound AXFR imports SVCB/HTTPS records, and outbound AXFR includes them, so you can migrate zones that use these record types to and from DNSimple.

Getting started

You can add SVCB and HTTPS DNS records to your domains today from the DNSimple dashboard or via the API. For more on DNS record types and zone management, see our support documentation.

If you have questions about using SVCB or HTTPS DNS records, or want to suggest other features, get in touch. We’d love to hear from you.

Not using DNSimple yet? Give us a try free for 30 days.

Share on Twitter and Facebook

Anthony Eden's profile picture

Anthony Eden

I break things so Simone continues to have plenty to do. I occasionally have useful ideas, like building a domain and DNS provider that doesn't suck.

We think domain management should be easy.
That's why we continue building DNSimple.

Try us free for 30 days
4.5 stars

4.5 out of 5 stars.

Based on Trustpilot.com and G2.com reviews.

Culture

Using time tracking to improve your remote working habits

What we learned, individually, from our collective time tracking experiment.

Antoine Meunier's profile picture Antoine Meunier
Learning

The Top DNS Servers And What They Offer

There are a lot of DNS Servers out there. We're looking at some of the top ones here and comparing their features and why some are chosen.

Joseph Caudle's profile picture Joseph Caudle
Engineering

Two years of squash merge

A retrospective of the last two years where we adopted --squash as our default merge strategy for git branches.

Simone Carletti's profile picture Simone Carletti