SVCB Record What is an SVCB record?
An SVCB (Service Binding) record is a DNS record type used to convey information about how to reach an alternative endpoint for a service, along with parameters that describe how to connect to it. It allows clients to discover service endpoints and connection properties — such as supported protocols and ports — in a single DNS lookup, reducing latency and enabling features like encrypted DNS bootstrapping. SVCB is defined in RFC 9460 and is the general-purpose form of the record; its companion type, HTTPS, is a specialization of SVCB for use with HTTP and HTTPS services.
SVCB record format
A typical SVCB record looks like the following in standard BIND format:
$ORIGIN example.com.
_foo._bar 3600 IN SVCB 1 svc.example.com. alpn="h2,h3" port="8443"
An anatomy of the SVCB Record
looks like the below:
| Host Label | TTL | Record Class | Record Type | SvcPriority | TargetName | SvcParams |
|---|---|---|---|---|---|---|
| _foo._bar.example.com. | 3600 | IN | SVCB | 1 | svc.example.com. | alpn="h2,h3" port="8443" |
The host label for an SVCB record typically follows the format _service._proto.name, identifying the service and protocol for which the binding applies. The name component is the domain or subdomain this record refers to. When an SVCB record is published at the apex of a zone or for a bare hostname, the label may simply be the domain name itself.
TTL
The time-to-live in seconds. It specifies how long a resolver is supposed to cache or remember the DNS query before the query expires and a new one needs to be done.
Record Class
Mainly 3 classes of DNS records exist:
- IN (Internet) – default and generally what internet uses.
- CH (Chaosnet) – used for querying DNS server versions.
- HS (Hesiod) – uses DNS functionality to provide access to databases of information that change infrequently.
The record format is defined using this field. Common record types are A, AAAA, CNAME, CAA, TXT etc. In the case of an SVCB record, the record type is SVCB.
SvcPriority
An integer value that controls the order in which SVCB records are tried when multiple records exist for the same owner name. Lower values indicate higher priority. The special value 0 designates the record as an AliasMode record (see glossary below), while any value of 1 or greater designates the record as a ServiceMode record. When multiple ServiceMode records share the same priority, clients may choose among them using a weight or at random.
TargetName
The domain name of the alternative endpoint that provides the service. In AliasMode (SvcPriority 0), this is the name the client should follow to find the actual SVCB ServiceMode records. In ServiceMode (SvcPriority 1 or greater), this is the hostname clients connect to; if set to . (a single dot), it indicates that the TargetName is the same as the owner name of the record.
SvcParams
An optional set of key-value parameters that describe how to connect to the target endpoint. SvcParams are only present in ServiceMode records (SvcPriority >= 1) and are absent in AliasMode records. Common SvcParam keys include:
- alpn – A comma-separated list of Application-Layer Protocol Negotiation (ALPN) protocol identifiers supported by the target, such as h2 for HTTP/2 or h3 for HTTP/3 over QUIC.
- port – The TCP or UDP port number of the alternative endpoint, if different from the default port for the service.
- ipv4hint – A comma-separated list of IPv4 addresses that clients may use as a hint to connect to the target, avoiding an additional A record lookup.
- ipv6hint – A comma-separated list of IPv6 addresses that clients may use as a hint to connect to the target, avoiding an additional AAAA record lookup.
- ech – Encrypted Client Hello configuration, encoded in Base64, enabling the client to encrypt the TLS ClientHello to protect the SNI from network observers.
- no-default-alpn – A flag indicating that the default protocol for this service should not be assumed; only the protocols listed in the alpn parameter are supported.
How to add an SVCB record?
For instructions on how to add an SVCB record with us, you may refer to the tutorial here.
SVCB record glossary
AliasMode
An SVCB record with SvcPriority set to 0 operates in AliasMode. It functions similarly to a CNAME, directing the client to follow the TargetName to find the actual ServiceMode SVCB records. AliasMode records may not carry any SvcParams and are intended to allow an apex domain (which cannot use a CNAME) to delegate service binding lookups to another name.
ServiceMode
An SVCB record with SvcPriority set to 1 or greater operates in ServiceMode. It directly describes an alternative endpoint for the service, including any connection parameters in the SvcParams field. Clients try ServiceMode records in priority order, lowest number first.
ALPN (Application-Layer Protocol Negotiation)
ALPN is a TLS extension that allows the client and server to negotiate which application-layer protocol will be used over the connection during the TLS handshake. Common ALPN identifiers include http/1.1, h2 (HTTP/2), and h3 (HTTP/3 over QUIC).
ECH (Encrypted Client Hello)
Encrypted Client Hello is a TLS extension that encrypts the ClientHello message, including the Server Name Indication (SNI), to prevent network observers from seeing which hostname a client is connecting to. SVCB records can carry ECH configuration via the ech SvcParam key.
HTTPS record
The HTTPS record type is a specialization of SVCB specifically for HTTP and HTTPS services. It behaves identically to SVCB but is looked up using the HTTPS record type rather than SVCB, and implies that the service supports HTTPS by default. Clients that support HTTPS records will use them in preference to SVCB when connecting to HTTP-based services.
QUIC
QUIC is a modern transport protocol that provides multiplexed connections with built-in encryption, designed to reduce connection latency compared to TCP+TLS. HTTP/3 runs over QUIC, and its support can be advertised to clients via the h3 ALPN identifier in an SVCB or HTTPS record.
BIND
Berkeley Internet Name Daemon - is the most commonly used DNS software on the Internet and Dynu observes BIND format.