Search RFCs
RFC 7858
Specification for DNS over Transport Layer Security (TLS),May 2016
- File formats:
- Status:
- PROPOSED STANDARD
- Updated by:
- RFC 8310
- Authors:
- Z. Hu
L. Zhu
J. Heidemann
A. Mankin
D. Wessels
P. Hoffman - Stream:
- IETF
- Source:
- dprive (int)
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC7858
Discuss this RFC: Send questions or comments to the mailing listdns-privacy@ietf.org
Other actions:View Errata | Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 7858
Abstract
This document describes the use of Transport Layer Security (TLS) toprovide privacy for DNS. Encryption provided by TLS eliminatesopportunities for eavesdropping and on-path tampering with DNSqueries in the network, such as discussed in RFC 7626. In addition,this document specifies two usage profiles for DNS over TLS andprovides advice on performance considerations to minimize overheadfrom using TCP and TLS with DNS.
This document focuses on securing stub-to-recursive traffic, as perthe charter of the DPRIVE Working Group. It does not prevent futureapplications of the protocol to recursive-to-authoritative traffic.
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.