TY - GEN
T1 - A First Look at SVCB and HTTPS DNS Resource Records in the Wild
AU - Zirngibl, Johannes
AU - Sattler, Patrick
AU - Carle, Georg
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - The Internet Engineering Task Force is standardizing new DNS resource records, namely SVCB and HTTPS. Both records inform clients about endpoint and service properties such as supported application layer protocols, IP address hints or Encrypted Client Hello (ECH) information. Therefore, they allow clients to reduce required DNS queries and potential retries during connection establishment and thus help to improve the quality of experience and privacy of the client. The latter is achieved by reducing visible metadata, which is further improved with encrypted DNS and ECH. The standardization is in its final stages and companies announced support, e.g., Cloudflare and Apple. Therefore, we provide the first large-scale overview of actual record deployment by analyzing more than 400 M domains. We find 3.96 k SVCB and 10.5 M HTTPS records. As of March 2023, Cloudflare hosts and serves most domains, and most records only contain Application-Layer Protocol Negotiation (ALPN) and IP address hints. Besides Cloudflare, we see adoption by a variety of authoritative name servers and hosting providers indicating increased adoption in the near future. Lastly, we can verify the correctness of records for more than 93% of domains based on three application layer scans.
AB - The Internet Engineering Task Force is standardizing new DNS resource records, namely SVCB and HTTPS. Both records inform clients about endpoint and service properties such as supported application layer protocols, IP address hints or Encrypted Client Hello (ECH) information. Therefore, they allow clients to reduce required DNS queries and potential retries during connection establishment and thus help to improve the quality of experience and privacy of the client. The latter is achieved by reducing visible metadata, which is further improved with encrypted DNS and ECH. The standardization is in its final stages and companies announced support, e.g., Cloudflare and Apple. Therefore, we provide the first large-scale overview of actual record deployment by analyzing more than 400 M domains. We find 3.96 k SVCB and 10.5 M HTTPS records. As of March 2023, Cloudflare hosts and serves most domains, and most records only contain Application-Layer Protocol Negotiation (ALPN) and IP address hints. Besides Cloudflare, we see adoption by a variety of authoritative name servers and hosting providers indicating increased adoption in the near future. Lastly, we can verify the correctness of records for more than 93% of domains based on three application layer scans.
KW - DNS
KW - HTTPS
KW - Internet measurement
KW - SVCB
UR - http://www.scopus.com/inward/record.url?scp=85168255216&partnerID=8YFLogxK
U2 - 10.1109/EuroSPW59978.2023.00058
DO - 10.1109/EuroSPW59978.2023.00058
M3 - Conference contribution
AN - SCOPUS:85168255216
T3 - Proceedings - 8th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2023
SP - 470
EP - 474
BT - Proceedings - 8th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 8th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2023
Y2 - 3 July 2023 through 7 July 2023
ER -