AWS/Amazon CloudFront

CloudFront Route53 HTTPS DNS record support

워니주니구니 2025. 7. 3. 11:24
  • Overview
Route53 now supports HTTPS DNS records as aliases to CloudFront (July 1, 2025)
https://aws.amazon.com/ko/blogs/networking-and-content-delivery/boost-application-performance-amazon-cloudfront-enables-https-record/

 

  • Advantages
Lower DNS query cost
Lower DNS RTT
Connections start over HTTPS right away

 

  • How to apply
1. Enable HTTP/2 and HTTP/3 on CloudFront
2. Create a Route53 A record aliased to CloudFront
3. Create a Route53 HTTPS record aliased to CloudFront

 

  • How to verify
### Default dig utility on macOS
# dig -v
DiG 9.10.6
# dig example.com TYPE65

#### dig latest
# brew install bind
# echo 'alias dig="/opt/homebrew/bin/dig"' >> ~/.zshrc
# source ~/.zshrc
# dig -v                                        
DiG 9.20.10
# dig example.com HTTPS

 

  • Notes (AWS has not applied it, while Google and Cloudflare have it well set up)
➜  ~ dig amazonaws.com HTTPS

; <<>> DiG 9.20.10 <<>> amazonaws.com HTTPS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63616
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: ba13fd850a96cabf010000006865e55ec520d43d566125a5 (good)
;; QUESTION SECTION:
;amazonaws.com.			IN	HTTPS

;; AUTHORITY SECTION:
amazonaws.com.		900	IN	SOA	dns-external-master.amazon.com. hostmaster.amazon.com. 2017224478 180 60 604800 900

;; Query time: 8 msec
;; SERVER: 168.126.63.1#53(168.126.63.1) (UDP)
;; WHEN: Thu Jul 03 11:05:18 KST 2025
;; MSG SIZE  rcvd: 147

➜  ~ dig google.com HTTPS

; <<>> DiG 9.20.10 <<>> google.com HTTPS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43173
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: d6431d33010ba853010000006865e5665cb50cbf6aa8f0af (good)
;; QUESTION SECTION:
;google.com.			IN	HTTPS

;; ANSWER SECTION:
google.com.		1415	IN	HTTPS	1 . alpn="h2,h3"

;; ADDITIONAL SECTION:
google.com.		70	IN	A	142.250.198.46
google.com.		21	IN	AAAA	2404:6800:4005:81b::200e

;; Query time: 8 msec
;; SERVER: 168.126.63.1#53(168.126.63.1) (UDP)
;; WHEN: Thu Jul 03 11:05:26 KST 2025
;; MSG SIZE  rcvd: 136

➜  ~ dig cloudflare.com HTTPS

; <<>> DiG 9.20.10 <<>> cloudflare.com HTTPS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9447
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: c43ae3d6d007332d010000006865e56e1ef19160a3c47d37 (good)
;; QUESTION SECTION:
;cloudflare.com.			IN	HTTPS

;; ANSWER SECTION:
cloudflare.com.		184	IN	HTTPS	1 . alpn="h3,h2" ipv4hint=104.16.132.229,104.16.133.229 ipv6hint=2606:4700::6810:84e5,2606:4700::6810:85e5

;; ADDITIONAL SECTION:
cloudflare.com.		294	IN	A	104.16.132.229
cloudflare.com.		294	IN	A	104.16.133.229

;; Query time: 9 msec
;; SERVER: 168.126.63.1#53(168.126.63.1) (UDP)
;; WHEN: Thu Jul 03 11:05:35 KST 2025
;; MSG SIZE  rcvd: 176
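
The verification above can be scripted. This added example (not from the original post or from AWS) parses the HTTPS answer lines that dig prints and reports whether a name advertises h3. The function names are assumptions, and the sample lines are copied from the dig output on this page.

```python
# Answer/authority lines copied from the dig output on this page.
# amazonaws.com returned only an SOA, i.e. no HTTPS record.
SAMPLE = """\
amazonaws.com. 900 IN SOA dns-external-master.amazon.com. hostmaster.amazon.com. 2017224478 180 60 604800 900
google.com. 1415 IN HTTPS 1 . alpn="h2,h3"
cloudflare.com. 184 IN HTTPS 1 . alpn="h3,h2" ipv4hint=104.16.132.229,104.16.133.229 ipv6hint=2606:4700::6810:84e5,2606:4700::6810:85e5
"""

# SvcParams whose value is a comma-separated list
LIST_KEYS = {"alpn", "ipv4hint", "ipv6hint", "mandatory"}


def parse_https_records(dig_text):
    """Return one dict per HTTPS (type 65) record found in dig output."""
    records = []
    for line in dig_text.splitlines():
        fields = line.split()
        # Layout: owner, TTL, class, type, priority, target, [SvcParams...]
        if line.startswith(";") or len(fields) < 6 or fields[3] != "HTTPS":
            continue
        owner, ttl, _cls, _type, priority, target = fields[:6]
        priority = int(priority)
        params = {}
        for token in fields[6:]:
            key, _, value = token.partition("=")
            value = value.strip('"')
            params[key] = value.split(",") if key in LIST_KEYS else value
        records.append({
            "owner": owner,
            "ttl": int(ttl),
            "priority": priority,
            # RFC 9460: priority 0 is AliasMode, anything else ServiceMode
            "mode": "alias" if priority == 0 else "service",
            # In ServiceMode a target of "." means the owner name itself
            "target": owner if target == "." and priority != 0 else target,
            "params": params,
        })
    return records


def advertises_h3(dig_text, name):
    """True if a ServiceMode HTTPS record for `name` lists h3 in alpn."""
    return any(r["owner"] == name and r["mode"] == "service"
               and "h3" in r["params"].get("alpn", [])
               for r in parse_https_records(dig_text))


if __name__ == "__main__":
    for rec in parse_https_records(SAMPLE):
        print(rec["owner"], rec["mode"], rec["target"], rec["params"])
```
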