Specification for DNS over Transport Layer Security (TLS) . Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D., & Hoffman, P. Technical Report 7858, Internet Request For Comments, May, 2016. ![Specification for DNS over Transport Layer Security (TLS) [link]](https://bibbase.org/img/filetypes/link.svg "link")
Paper doi abstract bibtex This document describes the use of Transport Layer Security (TLS) to provide privacy for DNS. Encryption provided by TLS eliminates opportunities for eavesdropping and on-path tampering with DNS queries in the network, such as discussed in RFC 7626. In addition, this document specifies two usage profiles for DNS over TLS and provides advice on performance considerations to minimize overhead from using TCP and TLS with DNS. \par This document focuses on securing stub-to-recursive traffic, as per the charter of the DPRIVE Working Group. It does not prevent future applications of the protocol to recursive-to-authoritative traffic. \par This document is a product of the DNS PRIVate Exchange Working Group of the IETF. \par This is now a Proposed Standard.
@TechReport{Hu16a,
author = "Z. Hu and L. Zhu and J. Heidemann and
A. Mankin and D. Wessels and P. Hoffman",
title = "Specification for {DNS} over {Transport} {Layer} {Security} ({TLS}) ",
institution = "Internet Request For Comments",
year = 2016,
sortdate = "2016-05-17",
project = "ant, lacrend, lander, retrofuture, tdns",
jsubject = "network_observation",
type = "RFC",
number = 7858,
month = may,
jlocation = "johnh: pafiles",
keywords = "dns-over-tls, connection-oriented dns,
rfc-7858, dns privacy",
url = "https://ant.isi.edu/%7ejohnh/PAPERS/Hu16a.html",
pdfurl = "https://ant.isi.edu/%7ejohnh/PAPERS/Hu16a.pdf",
otherurl = "http://www.rfc-editor.org/rfc/rfc7858.txt",
doi = "http://dx.doi.org/10.17487/RFC7858",
abstract = "
This document describes the use of Transport Layer Security (TLS) to
provide privacy for DNS. Encryption provided by TLS eliminates
opportunities for eavesdropping and on-path tampering with DNS
queries in the network, such as discussed in RFC 7626. In addition,
this document specifies two usage profiles for DNS over TLS and
provides advice on performance considerations to minimize overhead
from using TCP and TLS with DNS.
\par
This document focuses on securing stub-to-recursive traffic, as per
the charter of the DPRIVE Working Group. It does not prevent future
applications of the protocol to recursive-to-authoritative traffic.
\par
This document is a product of the DNS PRIVate Exchange Working Group of the IETF.
\par
This is now a Proposed Standard.
",
}
Downloads: 0
{"_id":"rt7HviCgZNn4cYnA5","bibbaseid":"hu-zhu-heidemann-mankin-wessels-hoffman-specificationfordnsovertransportlayersecuritytls-2016","author_short":["Hu, Z.","Zhu, L.","Heidemann, J.","Mankin, A.","Wessels, D.","Hoffman, P."],"bibdata":{"bibtype":"techreport","type":"RFC","author":[{"firstnames":["Z."],"propositions":[],"lastnames":["Hu"],"suffixes":[]},{"firstnames":["L."],"propositions":[],"lastnames":["Zhu"],"suffixes":[]},{"firstnames":["J."],"propositions":[],"lastnames":["Heidemann"],"suffixes":[]},{"firstnames":["A."],"propositions":[],"lastnames":["Mankin"],"suffixes":[]},{"firstnames":["D."],"propositions":[],"lastnames":["Wessels"],"suffixes":[]},{"firstnames":["P."],"propositions":[],"lastnames":["Hoffman"],"suffixes":[]}],"title":"Specification for DNS over Transport Layer Security (TLS) ","institution":"Internet Request For Comments","year":"2016","sortdate":"2016-05-17","project":"ant, lacrend, lander, retrofuture, tdns","jsubject":"network_observation","number":"7858","month":"May","jlocation":"johnh: pafiles","keywords":"dns-over-tls, connection-oriented dns, rfc-7858, dns privacy","url":"https://ant.isi.edu/%7ejohnh/PAPERS/Hu16a.html","pdfurl":"https://ant.isi.edu/%7ejohnh/PAPERS/Hu16a.pdf","otherurl":"http://www.rfc-editor.org/rfc/rfc7858.txt","doi":"http://dx.doi.org/10.17487/RFC7858","abstract":"This document describes the use of Transport Layer Security (TLS) to provide privacy for DNS. Encryption provided by TLS eliminates opportunities for eavesdropping and on-path tampering with DNS queries in the network, such as discussed in RFC 7626. In addition, this document specifies two usage profiles for DNS over TLS and provides advice on performance considerations to minimize overhead from using TCP and TLS with DNS. \\par This document focuses on securing stub-to-recursive traffic, as per the charter of the DPRIVE Working Group. It does not prevent future applications of the protocol to recursive-to-authoritative traffic. \\par This document is a product of the DNS PRIVate Exchange Working Group of the IETF. \\par This is now a Proposed Standard. ","bibtex":"@TechReport{Hu16a,\n\tauthor = \"Z. Hu and L. Zhu and J. Heidemann and\n A. Mankin and D. Wessels and P. Hoffman\",\n\t title = \"Specification for {DNS} over {Transport} {Layer} {Security} ({TLS}) \",\n\t institution = \"Internet Request For Comments\",\n\t year = \t 2016,\n\tsortdate = \"2016-05-17\",\n\tproject = \"ant, lacrend, lander, retrofuture, tdns\",\n\tjsubject = \"network_observation\",\n\t type =\t \"RFC\",\n\t number = 7858,\n\t month =\t may,\n\t jlocation =\t\"johnh: pafiles\",\n\t keywords = \"dns-over-tls, connection-oriented dns,\n rfc-7858, dns privacy\",\n\turl =\t\t\"https://ant.isi.edu/%7ejohnh/PAPERS/Hu16a.html\",\n\tpdfurl =\t\"https://ant.isi.edu/%7ejohnh/PAPERS/Hu16a.pdf\",\n\t otherurl =\t \"http://www.rfc-editor.org/rfc/rfc7858.txt\",\n\tdoi = \"http://dx.doi.org/10.17487/RFC7858\",\n\tabstract = \"\nThis document describes the use of Transport Layer Security (TLS) to\nprovide privacy for DNS. Encryption provided by TLS eliminates\nopportunities for eavesdropping and on-path tampering with DNS\nqueries in the network, such as discussed in RFC 7626. In addition,\nthis document specifies two usage profiles for DNS over TLS and\nprovides advice on performance considerations to minimize overhead\nfrom using TCP and TLS with DNS.\n\\par\nThis document focuses on securing stub-to-recursive traffic, as per\nthe charter of the DPRIVE Working Group. It does not prevent future\napplications of the protocol to recursive-to-authoritative traffic.\n\\par\nThis document is a product of the DNS PRIVate Exchange Working Group of the IETF.\n\\par\nThis is now a Proposed Standard.\n\",\n}\n\n\n","author_short":["Hu, Z.","Zhu, L.","Heidemann, J.","Mankin, A.","Wessels, D.","Hoffman, P."],"bibbaseid":"hu-zhu-heidemann-mankin-wessels-hoffman-specificationfordnsovertransportlayersecuritytls-2016","role":"author","urls":{"Paper":"https://ant.isi.edu/%7ejohnh/PAPERS/Hu16a.html"},"keyword":["dns-over-tls","connection-oriented dns","rfc-7858","dns privacy"],"metadata":{"authorlinks":{}}},"bibtype":"techreport","biburl":"https://bibbase.org/f/dHevizJoWEhWowz8q/johnh-2023-2.bib","dataSources":["YLyu3mj3xsBeoqiHK","QXhRq9CSEi44amsga","fLZcDgNSoSuatv6aX","fxEParwu2ZfurScPY","7nuQvtHTqKrLmgu99"],"keywords":["dns-over-tls","connection-oriented dns","rfc-7858","dns privacy"],"search_terms":["specification","dns","over","transport","layer","security","tls","hu","zhu","heidemann","mankin","wessels","hoffman"],"title":"Specification for DNS over Transport Layer Security (TLS) ","year":2016}