HIP Record Experimental
The HIP record (Host Identity Protocol) stores cryptographic host identifiers and associated IP addresses in DNS. Defined in RFC 8005, HIP enables identifier-locator separation, where a host's identity is distinct from its network location.
Look Up HIP Records
Check HIP records for any domain using our free DNS lookup tool.
Look Up HIP Records →What Is a HIP Record?
HIP (Host Identity Protocol) separates the roles of IP addresses into:
- Host Identity — Cryptographic identifier for the host
- Locator — IP addresses where the host can be reached
This separation enables mobility, multi-homing, and enhanced security. The HIP record publishes the Host Identity Tag (HIT) and associated rendezvous servers or locators.
HIP Record Format
Example HIP Record
example.com. 3600 IN HIP 2 200100107B1A74DF... AwEAAcNR... rvs.example.com.PK Algorithm: 2 (RSA), HIT, Public Key, and Rendezvous Server.
HIP Record Fields
| Field | Description | Example |
|---|---|---|
| PK Algorithm | Public key algorithm | 2 (RSA), 5 (ECDSA) |
| HIT | Host Identity Tag (128-bit hash) | 200100107B1A74DF... |
| Public Key | Host's public key (Base64) | AwEAAcNR... |
| Rendezvous Servers | Optional RVS hostnames | rvs.example.com. |
Public Key Algorithms
| Value | Algorithm |
|---|---|
| 2 | RSA |
| 5 | DSA |
| 7 | ECDSA |
| 9 | ECDSA_LOW |
How HIP Works
- Client queries DNS for HIP record of target host
- Receives HIT (Host Identity Tag) and public key
- If RVS provided, contacts rendezvous server
- Establishes HIP connection using cryptographic handshake
- Communication continues using HIP overlay
HIP Use Cases
Mobile Devices
HIP enables seamless roaming as device IP changes:
mobile.example.com. HIP 2 200100107B1A74DF... AwEAAcNR... rvs.example.com.Multi-Homed Servers
Servers with multiple network connections maintain consistent identity:
server.example.com. HIP 2 200100107B1A74DF... AwEAAcNR...Enhanced Security
Cryptographic identity prevents IP spoofing and enables IPsec-like security.
HIP Components
| Component | Description |
|---|---|
| Host Identity (HI) | Public key representing the host |
| Host Identity Tag (HIT) | 128-bit hash of the HI (used in connections) |
| Locator | IP address(es) where host is reachable |
| Rendezvous Server (RVS) | Helps establish initial contact |
HIP Benefits
- Mobility — Connections survive IP address changes
- Multi-homing — Use multiple network interfaces seamlessly
- Security — Cryptographic authentication of hosts
- NAT traversal — Works through NAT with RVS
- Privacy — Can use temporary HITs
HIP Best Practices
- Use DNSSEC — Sign HIP records to prevent spoofing.
- Deploy RVS — Rendezvous servers help with NAT traversal.
- Keep keys secure — Protect the private key of the HI.
- Monitor deployment — HIP has limited adoption; verify support.
HIP Adoption
While HIP provides elegant solutions to IP mobility and multi-homing, adoption remains limited due to:
- Complexity — Requires changes to networking stack
- Alternative solutions — QUIC, MPTCP address similar needs
- Limited software support — Few applications use HIP
- Deployment challenges — Requires infrastructure changes
Troubleshooting HIP
Common issues and solutions:
- Record not found — HIP records are rare; most domains don't have them.
- Connection fails — Verify both ends support HIP.
- RVS unreachable — Check rendezvous server is operational.
- Key mismatch — Ensure HIT matches the public key.
Explore All DNS Record Types
DNS Explorer validates and monitors all DNS record types including experimental records like HIP.
Start free DNS Explorer trial14-day full-feature trial
Check Your HIP Records
Use our DNS Record Finder to look up HIP records for any domain.
Look Up HIP Records →Related Record Types
- A Record — IPv4 locator
- AAAA Record — IPv6 locator
- IPSECKEY Record — IPsec keys
- SSHFP Record — SSH fingerprints