Specification for DNS over Transport Layer Security (TLS). Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D., & Hoffman, P. Technical Report 7858, Internet Request For Comments, May, 2016.
This document describes the use of Transport Layer Security (TLS) to provide privacy for DNS. Encryption provided by TLS eliminates opportunities for eavesdropping and on-path tampering with DNS queries in the network, such as discussed in RFC 7626. In addition, this document specifies two usage profiles for DNS over TLS and provides advice on performance considerations to minimize overhead from using TCP and TLS with DNS.

This document focuses on securing stub-to-recursive traffic, as per the charter of the DPRIVE Working Group. It does not prevent future applications of the protocol to recursive-to-authoritative traffic.

This document is a product of the DNS PRIVate Exchange Working Group of the IETF.

This is now a Proposed Standard.
@TechReport{Hu16a,
	author =       "Z. Hu and L. Zhu and J. Heidemann and
 A. Mankin and D. Wessels and P. Hoffman",
	  title = "Specification for {DNS} over {Transport} {Layer} {Security} ({TLS}) ",
	  institution =  "Internet Request For Comments",
	  year = 	       2016,
	sortdate = "2016-05-17",
	project = "ant, lacrend, lander, retrofuture, tdns",
	jsubject = "network_observation",
	  type =	       "RFC",
	  number =       7858,
	  month =	       may,
	  jlocation =	"johnh: pafiles",
	  keywords =     "dns-over-tls, connection-oriented dns,
                  rfc-7858, dns privacy",
	url =		"https://ant.isi.edu/%7ejohnh/PAPERS/Hu16a.html",
	pdfurl =	"https://ant.isi.edu/%7ejohnh/PAPERS/Hu16a.pdf",
	  otherurl =	       "http://www.rfc-editor.org/rfc/rfc7858.txt",
	doi = "http://dx.doi.org/10.17487/RFC7858",
	abstract = "
This document describes the use of Transport Layer Security (TLS) to
provide privacy for DNS.  Encryption provided by TLS eliminates
opportunities for eavesdropping and on-path tampering with DNS
queries in the network, such as discussed in RFC 7626.  In addition,
this document specifies two usage profiles for DNS over TLS and
provides advice on performance considerations to minimize overhead
from using TCP and TLS with DNS.
\par
This document focuses on securing stub-to-recursive traffic, as per
the charter of the DPRIVE Working Group.  It does not prevent future
applications of the protocol to recursive-to-authoritative traffic.
\par
This document is a product of the DNS PRIVate Exchange Working Group of the IETF.
\par
This is now a Proposed Standard.
",
}
