Practical Observations from Encrypted DNS Deployments by Network Operators

Document Type Expired Internet-Draft (individual)
Authors Andrew Campling, Normen Kowalewski, Gianpaolo Scalone, Chris Box, Alister Winfield
Last updated 2021-01-14 (latest revision 2020-07-13)
Stream (None)
Intended RFC status (None)
Expired & archived
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The following document includes observations regarding a variety of implementations of recursive DNS capabilities that are important to network operators in terms of delivering DNS services to their (several tens of millions of) customers. It highlights some of the challenges that need to be addressed to allow the widespread adoption of encrypted DNS by the end-users of network operators. The information is intended to aid the development of discovery mechanisms for protocols such as DNS-over-HTTPS. It clearly defines problems that need technical solutions to allow the deployment of encrypted DNS by the largest number of operators to the largest number of users in the shortest possible timeframe with little or no disruption to the user experience.


Andrew Campling (Andrew.Campling@419.Consulting)
Normen Kowalewski (
Gianpaolo Scalone (
Chris Box (
Alister Winfield (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)