RFC 7873

Domain Name System (DNS) Cookies, May 2016

Canonical URL:
https://www.rfc-editor.org/rfc/rfc7873.txt
Status:
PROPOSED STANDARD
Authors:
D. Eastlake 3rd
M. Andrews
Stream:
IETF
Source:
dnsop (ops)

DOI:  10.17487/RFC7873

Discuss this RFC: Send questions or comments to dnsop@ietf.org


Abstract

DNS Cookies are a lightweight DNS transaction security mechanism that provides limited protection to DNS servers and clients against a variety of increasingly common denial-of-service and amplification/forgery or cache poisoning attacks by off-path attackers. DNS Cookies are tolerant of NAT, NAT-PT (Network Address Translation - Protocol Translation), and anycast and can be incrementally deployed. (Since DNS Cookies are only returned to the IP address from which they were originally received, they cannot be used to generally track Internet users.)


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.

