Browse Prior Art Database

DNS over Datagram Transport Layer Security (DTLS) (RFC8094) Disclosure Number: IPCOM000249489D
Original Publication Date: 2017-Feb-01
Included in the Prior Art Database: 2017-Mar-01
Document File: 26 page(s) / 31K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

T. Reddy: AUTHOR [+3]


The Domain Name System is specified in [RFC1034] and [RFC1035]. DNS queries and responses are normally exchanged unencrypted; thus, they are vulnerable to eavesdropping. Such eavesdropping can result in an undesired entity learning domain that a host wishes to access, thus resulting in privacy leakage. The DNS privacy problem is further discussed in [RFC7626].

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 9% of the total text.

Internet Engineering Task Force (IETF)                          T. Reddy Request for Comments: 8094                                         Cisco Category: Experimental                                           D. Wing ISSN: 2070-1721                                                                 P. Patil                                                                    Cisco                                                            February 2017

            DNS over Datagram Transport Layer Security (DTLS)


   DNS queries and responses are visible to network elements on the path    between the DNS client and its server.  These queries and responses    can contain privacy-sensitive information, which is valuable to    protect.

   This document proposes the use of Datagram Transport Layer Security    (DTLS) for DNS, to protect against passive listeners and certain    active attacks.  As latency is critical for DNS, this proposal also    discusses mechanisms to reduce DTLS round trips and reduce the DTLS    handshake size.  The proposed mechanism runs over port 853.

Status of This Memo

   This document is not an Internet Standards Track specification; it is    published for examination, experimental implementation, and    evaluation.

   This document defines an Experimental Protocol for the Internet    community.  This document is a product of the Internet Engineering    Task Force (IETF).  It represents the consensus of the IETF    community.  It has received public review and has been approved for    publication by the Internet Engineering Steering Group (IESG).  Not    all documents approved by the IESG are a candidate for any level of    Internet Standard; see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,    and how to provide feedback on it may be obtained at

 Reddy, et al.                 Experimental                      [Page 1]
 RFC 8094                      DNS over DTLS                February 2017

 Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the    document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal    Provisions Relating to IETF Documents    ( in effect on the date of    publication of this document.  Please review these documents    carefully, as they describe your rights and restrictions with respect    to this document.  Code Components e...