Usage Profiles for DNS over TLS and DNS over DTLS
RFC 8310, “Usage Profiles for DNS over TLS and DNS over DTLS”, is a Proposed Standard document published in March 2018 by S. Dickinson, D. Gillmor, and T. Reddy. It updates RFC 7858. The canonical text is published by the RFC Editor.
Abstract
This document discusses usage profiles, based on one or more authentication mechanisms, which can be used for DNS over Transport Layer Security (TLS) or Datagram TLS (DTLS). These profiles can increase the privacy of DNS transactions compared to using only cleartext DNS. This document also specifies new authentication mechanisms -- it describes several ways that a DNS client can use an authentication domain name to authenticate a (D)TLS connection to a DNS server. Additionally, it defines (D)TLS protocol profiles for DNS clients and servers implementing DNS over (D)TLS. This document updates RFC 7858.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 8310 is hosted at rfc-editor.org and is available in TXT and HTML.