Domain Name System (DNS) Cookies, May 2016
- Status: PROPOSED STANDARD
- Updated by: RFC 9018
- D. Eastlake 3rd
- dnsop (ops)
Discuss this RFC: Send questions or comments to firstname.lastname@example.org
DNS Cookies are a lightweight DNS transaction security mechanism that provides limited protection to DNS servers and clients against a variety of increasingly common denial-of-service and amplification/forgery or cache poisoning attacks by off-path attackers. DNS Cookies are tolerant of NAT, NAT-PT (Network Address Translation - Protocol Translation), and anycast and can be incrementally deployed. (Since DNS Cookies are only returned to the IP address from which they were originally received, they cannot be used to generally track Internet users.)
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.