The DNS HTTPS resource record is a new DNS record type designed for the delivery of configuration information and parameters required to initiate connections to HTTPS network services. It provides the ability to perform zone apex redirection to a third-party provider, which the existing CNAME record cannot do. In addition, it is a key enabler for TLS Encrypted ClientHello (ECH) by providing the cryptographic keying material needed to encrypt the initial exchange. To understand the adoption and security of this new DNS HTTPS record, we perform a longitudinal study on the server-side deployment of DNS HTTPS for Tranco top 1 million domains over 8 months, as well as the client-side support for DNS HTTPS from major browsers. To the best of our knowledge, our work is the first longitudinal study on DNS HTTPS server deployment, and the first known study on client-side support for DNS HTTPS. Despite the rapidly growing trend of DNS HTTPS adoption, our study highlights concerns in the deployment by both servers and clients, such as the complexity in properly maintaining HTTPS records and the concerning hardfail mechanisms in browsers when using HTTPS records.
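The two capabilities the abstract highlights, apex redirection (an AliasMode record, SvcPriority 0) and ECH key delivery (the `ech` SvcParam of a ServiceMode record), are both visible in the record's wire format. The following parser is an added example and is not code from the paper or its authors; it follows the HTTPS/SVCB RDATA layout of RFC 9460, and the three sample records, including the `ECHConfigList-placeholder` bytes standing in for a real ECHConfigList, are constructed here for illustration. It also applies the ordering and mandatory-key rules that make a record malformed, which is one of the maintenance pitfalls the abstract refers to.

```python
"""Parse the wire-format RDATA of a DNS HTTPS resource record (RFC 9460).

Added example, not code from the paper. All sample records are constructed.
"""
import ipaddress
import struct

# SvcParamKey registry values (RFC 9460, section 14.3)
SVCPARAM_KEYS = {0: "mandatory", 1: "alpn", 2: "no-default-alpn", 3: "port",
                 4: "ipv4hint", 5: "ech", 6: "ipv6hint"}


def _read_name(data: bytes, off: int):
    """Read an uncompressed wire-format domain name; return (presentation form, new offset)."""
    labels = []
    while True:
        ln = data[off]
        off += 1
        if ln == 0:
            break
        if ln & 0xC0:
            # RFC 9460 section 2.2: TargetName is never name-compressed
            raise ValueError("compression pointer in TargetName")
        labels.append(data[off:off + ln].decode("ascii"))
        off += ln
    return (".".join(labels) + "." if labels else "."), off


def _decode_value(key: int, val: bytes):
    """Decode one SvcParamValue according to its key; unknown keys stay opaque."""
    if key == 0:   # mandatory: list of uint16 keys that the client must understand
        return [SVCPARAM_KEYS.get(k, f"key{k}") for (k,) in struct.iter_unpack("!H", val)]
    if key == 1:   # alpn: sequence of 1-byte-length-prefixed protocol ids
        out, i = [], 0
        while i < len(val):
            n = val[i]
            out.append(val[i + 1:i + 1 + n].decode("ascii"))
            i += 1 + n
        return out
    if key == 2:   # no-default-alpn: value must be empty
        if val:
            raise ValueError("no-default-alpn must have an empty value")
        return True
    if key == 3:   # port: uint16
        return struct.unpack("!H", val)[0]
    if key == 4:   # ipv4hint: packed IPv4 addresses
        return [str(ipaddress.IPv4Address(val[i:i + 4])) for i in range(0, len(val), 4)]
    if key == 5:   # ech: opaque ECHConfigList handed to the TLS stack, kept as bytes
        return val
    if key == 6:   # ipv6hint: packed IPv6 addresses
        return [str(ipaddress.IPv6Address(val[i:i + 16])) for i in range(0, len(val), 16)]
    return val


def parse_https_rdata(data: bytes) -> dict:
    """Return {"mode", "priority", "target", "params"}; raise on a malformed record."""
    if len(data) < 3:
        raise ValueError("RDATA too short")
    priority = struct.unpack("!H", data[:2])[0]
    target, off = _read_name(data, 2)
    if priority == 0:
        # AliasMode (RFC 9460 section 2.4.2): this is the apex-redirection case.
        # The client re-resolves TargetName; any SvcParams present are ignored.
        return {"mode": "alias", "priority": 0, "target": target, "params": {}}
    params, last_key = {}, -1
    while off < len(data):
        if off + 4 > len(data):
            raise ValueError("truncated SvcParam header")
        key, ln = struct.unpack("!HH", data[off:off + 4])
        off += 4
        if key <= last_key:   # keys must be strictly increasing (RFC 9460 section 2.2)
            raise ValueError("SvcParamKeys not in strictly increasing order")
        last_key = key
        val = data[off:off + ln]
        if len(val) != ln:
            raise ValueError("truncated SvcParamValue")
        off += ln
        params[SVCPARAM_KEYS.get(key, f"key{key}")] = _decode_value(key, val)
    for name in params.get("mandatory", []):
        if name not in params:   # RFC 9460 section 8: every mandatory key must be present
            raise ValueError(f"mandatory key {name} missing")
    return {"mode": "service", "priority": priority, "target": target, "params": params}


def ech_config_list(record: dict):
    """ECHConfigList bytes a client would use for ECH, or None if the record carries none."""
    if record["mode"] != "service":
        return None
    return record["params"].get("ech")


def is_malformed(data: bytes) -> bool:
    """True if the RDATA would be rejected under the RFC 9460 validity rules."""
    try:
        parse_https_rdata(data)
        return False
    except (ValueError, IndexError, struct.error):
        return True


# Constructed sample 1: AliasMode record at a zone apex, "example.com. HTTPS 0 cdn.example.net."
APEX_ALIAS_RDATA = b"\x00\x00" + b"\x03cdn\x07example\x03net\x00"
# Constructed sample 2: ServiceMode record "1 . alpn=h2,h3 ech=<placeholder>"
ECH_PLACEHOLDER = b"ECHConfigList-placeholder"   # stand-in bytes, not a real ECHConfigList
SERVICE_RDATA = (b"\x00\x01" + b"\x00"                                  # priority 1, TargetName "."
                 + b"\x00\x01\x00\x06\x02h2\x02h3"                        # alpn = h2, h3
                 + b"\x00\x05" + struct.pack("!H", len(ECH_PLACEHOLDER)) + ECH_PLACEHOLDER)
# Constructed sample 3: ech (key 5) before alpn (key 1) -> malformed
BAD_ORDER_RDATA = b"\x00\x01\x00" + b"\x00\x05\x00\x01X" + b"\x00\x01\x00\x03\x02h2"

if __name__ == "__main__":
    for rdata in (APEX_ALIAS_RDATA, SERVICE_RDATA):
        print(parse_https_rdata(rdata))
    print("bad-order record malformed:", is_malformed(BAD_ORDER_RDATA))
```

Run as a script it prints the decoded alias and service records and confirms the out-of-order record is rejected. A client that follows an AliasMode record must re-resolve the target, and a client that gets no `ech` parameter has no keying material to offer ECH with; a validator run over a zone's HTTPS records before publication catches the ordering and mandatory-key errors that would otherwise make the records unusable to strict resolvers.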