DNS over Datagram Transport Layer Security (DTLS) (RFC8094)
Original Publication Date: 2017-Feb-01
Included in the Prior Art Database: 2017-Mar-01
Internet Society Requests For Comment (RFCs)
Authors: T. Reddy et al.
The Domain Name System is specified in [RFC1034] and [RFC1035]. DNS queries and responses are normally exchanged unencrypted; thus, they are vulnerable to eavesdropping. Such eavesdropping can result in an undesired entity learning the domain that a host wishes to access, resulting in privacy leakage. The DNS privacy problem is further discussed in [RFC7626].
Internet Engineering Task Force (IETF)                          T. Reddy
Request for Comments: 8094                                         Cisco
Category: Experimental                                           D. Wing
ISSN: 2070-1721                                                 P. Patil
                                                                   Cisco
                                                           February 2017
DNS over Datagram Transport Layer Security (DTLS)
Abstract

DNS queries and responses are visible to network elements on the path between the DNS client and its server. These queries and responses can contain privacy-sensitive information, which is valuable to protect.

This document proposes the use of Datagram Transport Layer Security (DTLS) for DNS, to protect against passive listeners and certain active attacks. As latency is critical for DNS, this proposal also discusses mechanisms to reduce DTLS round trips and reduce the DTLS handshake size. The proposed mechanism runs over UDP port 853.
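The following is an added example, not code from RFC 8094 or its authors, illustrating the eavesdropping problem the abstract describes and what changes when the same query is carried in a DTLS record on port 853. It constructs a plaintext DNS query in RFC 1035 wire format and a DTLS 1.2 application_data record (the 13-byte record header layout is taken from RFC 6347, not from this page), then runs a passive on-path observer function over both. The ciphertext bytes are a constructed stand-in; no real DTLS handshake or encryption is performed.

```python
"""
Added example (not part of RFC 8094): what a passive on-path observer learns
from a DNS query sent in the clear on UDP/53 versus inside a DTLS record on
UDP/853. Packets below are constructed inline; the DTLS record header layout
is assumed from RFC 6347 (DTLS 1.2), which this page does not reproduce.
"""
import struct

DNS_PORT = 53
DNS_OVER_DTLS_PORT = 853          # port given in RFC 8094
DTLS_APPLICATION_DATA = 23        # ContentType value from RFC 6347 / RFC 5246
DTLS_VERSIONS = {0xFEFF: "DTLS 1.0", 0xFEFD: "DTLS 1.2"}


def build_dns_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Encode a minimal DNS query (RFC 1035): 12-byte header + one question."""
    # flags 0x0100 = RD set; QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def parse_qname(dns_msg: bytes) -> str:
    """Return the QNAME of the first question in a plaintext DNS message."""
    if len(dns_msg) < 12:
        raise ValueError("DNS message shorter than 12-byte header")
    qdcount = struct.unpack("!H", dns_msg[4:6])[0]
    if qdcount == 0:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(dns_msg):
            raise ValueError("truncated QNAME")
        length = dns_msg[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            # Compression pointers do not occur in a question name; reject them.
            raise ValueError("compression pointer in question name")
        labels.append(dns_msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels) + "."


def build_dtls_record(ciphertext: bytes, epoch: int = 1, seq: int = 1) -> bytes:
    """Wrap opaque bytes in a DTLS 1.2 application_data record header.

    Layout (RFC 6347): type(1) version(2) epoch(2) sequence_number(6) length(2).
    """
    header = struct.pack("!BHH", DTLS_APPLICATION_DATA, 0xFEFD, epoch)
    header += seq.to_bytes(6, "big") + struct.pack("!H", len(ciphertext))
    return header + ciphertext


def observe(dst_port: int, udp_payload: bytes) -> dict:
    """What a passive observer learns from one UDP datagram, keyed on port."""
    if dst_port == DNS_PORT:
        # Plaintext DNS: the queried name is readable by anyone on the path.
        return {"transport": "DNS/UDP", "qname": parse_qname(udp_payload)}
    if dst_port == DNS_OVER_DTLS_PORT:
        if len(udp_payload) < 13:
            raise ValueError("DTLS record shorter than 13-byte header")
        ctype, version, epoch = struct.unpack("!BHH", udp_payload[:5])
        seq = int.from_bytes(udp_payload[5:11], "big")
        length = struct.unpack("!H", udp_payload[11:13])[0]
        # Only the record header is visible; the DNS message itself is opaque.
        return {
            "transport": "DNS over DTLS",
            "content_type": ctype,
            "version": DTLS_VERSIONS.get(version, hex(version)),
            "epoch": epoch,
            "sequence": seq,
            "payload_len": length,
            "qname": None,
        }
    return {"transport": "unknown", "qname": None}


if __name__ == "__main__":
    plain = build_dns_query("example.com")
    print(observe(DNS_PORT, plain))
    # Constructed stand-in for the encrypted query (real ciphertext depends on
    # the negotiated cipher suite and is not produced here).
    fake_ciphertext = bytes(len(plain) + 16)
    print(observe(DNS_OVER_DTLS_PORT, build_dtls_record(fake_ciphertext)))
```

Note that even on port 853 the observer still sees the record length and the sequence numbers; DTLS hides the name, not the fact that a DNS exchange is taking place or its approximate size.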
Status of This Memo
This document is not an Internet Standards Track specification; it is published for examination, experimental implementation, and evaluation.
This document defines an Experimental Protocol for the Internet community. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 7841.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc8094.
Reddy, et al. Experimental [Page 1]
RFC 8094 DNS over DTLS February 2017
Copyright Notice

Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components e...