DNS over Datagram Transport Layer Security
RFC 8094, “DNS over Datagram Transport Layer Security”, is an Experimental document published in February 2017 by T. Reddy, D. Wing, and P. Patil. The canonical text is published by the RFC Editor.
Abstract
DNS queries and responses are visible to network elements on the path between the DNS client and its server. These queries and responses can contain privacy-sensitive information, which is valuable to protect.
This document proposes the use of Datagram Transport Layer Security (DTLS) for DNS, to protect against passive listeners and certain active attacks. As latency is critical for DNS, this proposal also discusses mechanisms to reduce DTLS round trips and reduce the DTLS handshake size. The proposed mechanism runs over port 853.
What “Experimental” means
Describes a specification that is part of a research or development effort, published so the community can gain experience with it.
The canonical text of RFC 8094 is hosted at rfc-editor.org. Available in TXT and HTML.