Domain Name System (DNS) Cookies, May 2016
- Status: PROPOSED STANDARD
- Updated by: RFC 9018
- D. Eastlake 3rd
- dnsop (ops)
DNS Cookies are a lightweight DNS transaction security mechanism that provides limited protection to DNS servers and clients against a variety of increasingly common denial-of-service and amplification/forgery or cache poisoning attacks by off-path attackers. DNS Cookies are tolerant of NAT, NAT-PT (Network Address Translation - Protocol Translation), and anycast and can be incrementally deployed. (Since DNS Cookies are only returned to the IP address from which they were originally received, they cannot be used to generally track Internet users.)
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.