RFC 7858

Specification for DNS over Transport Layer Security (TLS), May 2016

Canonical URL: https://www.rfc-editor.org/rfc/rfc7858.txt
File formats: Plain Text, PDF
Status: PROPOSED STANDARD
Authors: Z. Hu, L. Zhu, J. Heidemann, A. Mankin, D. Wessels, P. Hoffman
Stream: IETF
Source: dprive (int)

DOI:  10.17487/RFC7858

Discuss this RFC: Send questions or comments to dns-privacy@ietf.org


Abstract

This document describes the use of Transport Layer Security (TLS) to provide privacy for DNS. Encryption provided by TLS eliminates opportunities for eavesdropping and on-path tampering with DNS queries in the network, such as discussed in RFC 7626. In addition, this document specifies two usage profiles for DNS over TLS and provides advice on performance considerations to minimize overhead from using TCP and TLS with DNS. This document focuses on securing stub-to-recursive traffic, as per the charter of the DPRIVE Working Group. It does not prevent future applications of the protocol to recursive-to-authoritative traffic.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.

