Amazon CloudFront Enhances Security and Performance with Support for HTTPS DNS Records

Seattle, WA – July 1, 2025 – Amazon Web Services (AWS) today announced a significant advancement in the security and reliability of its content delivery network (CDN) with the introduction of support for HTTPS DNS records within Amazon CloudFront. This new capability, available starting today, empowers customers to further secure their origins and improve the performance of their web content delivery.

Historically, DNS records have primarily been used to map domain names to IP addresses, enabling the resolution of human-readable hostnames to their corresponding network locations. However, with the increasing importance of secure communication across the internet, the ability to convey security context directly within DNS has become paramount. CloudFront’s new support for HTTPS DNS records allows for the secure negotiation and validation of TLS/SSL certificates directly at the DNS level, offering a more robust and streamlined approach to establishing secure connections for content delivery.

This innovative feature leverages advancements in DNS protocol extensions to embed critical security information, such as certificate transparency logs and certificate pinning data, directly within DNS queries. When a user’s browser or application requests content from a CloudFront distribution, the DNS resolution process will now be able to securely verify the origin server’s identity and the validity of its SSL/TLS certificate before an HTTP connection is even established.

The benefits of this new functionality are multifaceted:

  • Enhanced Security: By enabling DNS-level security verification, CloudFront helps to mitigate sophisticated attacks such as man-in-the-middle attacks and DNS spoofing. It provides an additional layer of trust and assurance that the content being served originates from the legitimate, intended source and has not been tampered with in transit. This is particularly valuable for organizations handling sensitive data or requiring the highest levels of security assurance.

  • Improved Performance: Although it may seem counterintuitive, securing connections earlier in the process can lead to performance gains. By pre-validating the origin’s security posture during the DNS lookup, CloudFront can potentially reduce the latency associated with establishing TLS handshakes later in the connection process. This can translate to faster page load times and a smoother experience for end-users.

  • Streamlined Certificate Management: The integration of security information within DNS records can simplify the overall certificate management process for customers. It allows for a more centralized and automated approach to ensuring that origins are always using valid and trusted certificates, reducing the potential for misconfigurations or expired certificates to impact content availability.

  • Increased Trust and Transparency: The ability to publish and query security-related information via DNS records promotes greater transparency and builds user trust. Users and their devices can have higher confidence in the integrity and security of the content they are accessing.

Amazon CloudFront, a globally distributed CDN, plays a vital role in accelerating the delivery of static and dynamic web content, APIs, and video to end-users worldwide. By continuously innovating and expanding its feature set, AWS demonstrates its commitment to providing customers with the tools necessary to build secure, performant, and reliable applications on the AWS Cloud.

This enhancement to CloudFront signifies a forward-thinking approach to web security, harmonizing the foundational technologies of DNS with the imperative of secure, encrypted communication. Customers can now leverage CloudFront’s global network with even greater confidence, knowing that their content is being delivered with an elevated level of security and efficiency.

For more detailed information on how to configure and utilize HTTPS DNS records with Amazon CloudFront, please refer to the official AWS documentation.


Amazon CloudFront announces support for HTTPS DNS records


AI has delivered the news.

The answer to the following question is obtained from Google Gemini.


Amazon published ‘Amazon CloudFront announces support for HTTPS DNS records’ at 2025-07-01 17:00. Please write a detailed article about this news in a polite tone with relevant information. Please reply in English with the article only.