Improving security and performance with additional DNS resource record types in Amazon Route 53
Networking & Content Delivery Blog
This article discusses four new DNS resource record types added to Amazon Route 53: SVCB, HTTPS, TLSA, and SSHFP. These record types allow additional data to be supplied through DNS responses to improve application security and performance.
Specifically, the article covers:
- SVCB and HTTPS records - Allowing application owners to bind endpoint-specific information into DNS replies, enabling improved performance for protocols like HTTP/3 and encrypted client hello support.
- TLSA record - Supporting DNS-based Authentication of Named Entities (DANE) for improved TLS certificate validation through DNS, particularly useful for SMTP over TLS.
- SSHFP record - Providing SSH fingerprints in DNS responses, allowing clients to validate SSH server keys against trusted fingerprints for enhanced security.
- Conclusion - Get started with these new record types in Amazon Route 53 to improve application security and performance.
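To make the SSHFP item concrete, here is an added example (not code from the AWS article) that derives SSHFP record data from an OpenSSH public key line and checks a presented host key against a record. The sample key is constructed for illustration, and the function names are hypothetical.

```python
import base64
import hashlib

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}
ECDSA_PREFIX = "ecdsa-sha2-"  # every ECDSA curve maps to algorithm 3
SHA256_TYPE = "2"             # fingerprint type 2 = SHA-256 (RFC 6594)

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length, then data."""
    return len(data).to_bytes(4, "big") + data

# Constructed sample (not a real host key): Ed25519 blob holding bytes 0..31.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed"

def parse_public_key(line: str):
    """Return (SSHFP algorithm number, key blob) for '<type> <base64> [comment]'."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)  # bad base64 -> ValueError
    algorithm = 3 if key_type.startswith(ECDSA_PREFIX) else ALGORITHMS.get(key_type)
    if algorithm is None:
        raise ValueError(f"no SSHFP algorithm number for {key_type}")
    # The blob starts with a length-prefixed copy of the key type; a mismatch
    # means the line was mislabelled or tampered with.
    name_len = int.from_bytes(blob[:4], "big")
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type inside blob does not match declared type")
    return algorithm, blob

def sshfp_rdata(line: str) -> str:
    """RDATA for an SSHFP record: '<algorithm> <fp-type> <hex SHA-256 of blob>'."""
    algorithm, blob = parse_public_key(line)
    return f"{algorithm} {SHA256_TYPE} {hashlib.sha256(blob).hexdigest()}"

def key_matches_record(line: str, rdata: str) -> bool:
    """True only if the presented key matches the record's algorithm and digest."""
    try:
        algorithm, fp_type, *hex_parts = rdata.split()
        presented_algorithm, blob = parse_public_key(line)
    except ValueError:
        return False
    if fp_type != SHA256_TYPE or algorithm != str(presented_algorithm):
        return False
    return hashlib.sha256(blob).hexdigest() == "".join(hex_parts).lower()
```

A match is only meaningful when the SSHFP answer was DNSSEC-validated; OpenSSH consults these records when `VerifyHostKeyDNS` is enabled.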