RFC 7873

Domain Name System (DNS) Cookies, May 2016

File formats:
icon for text file icon for PDF icon for HTML
Updated by:
RFC 9018
D. Eastlake 3rd
M. Andrews
dnsop (ops)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC7873

Discuss this RFC: Send questions or comments to the mailing list dnsop@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 7873


DNS Cookies are a lightweight DNS transaction security mechanism that provides limited protection to DNS servers and clients against a variety of increasingly common denial-of-service and amplification/ forgery or cache poisoning attacks by off-path attackers. DNS Cookies are tolerant of NAT, NAT-PT (Network Address Translation - Protocol Translation), and anycast and can be incrementally deployed. (Since DNS Cookies are only returned to the IP address from which they were originally received, they cannot be used to generally track Internet users.)

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.

Advanced Search