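@comment{Entry for a pinned Internet-Draft revision (-06, 2021-11-09, status "Work in Progress"). Internet-Drafts are not stable publications: the key and the number field deliberately carry the revision so that citations refer to exactly this text; do not strip the suffix or the URL's "/06/" when updating the entry. The abstract ties the proposed TLS authentication to DNSSEC-signed name-server names and to the companion draft draft-dickson-dnsop-ds-hack, so readers assessing the security argument need both documents.}
@techreport{dickson-dprive-adot-auth-06,
  author      = {Dickson, Brian},
  title       = {Authenticated {DNS} over {TLS} to Authoritative Servers},
  type        = {Internet-Draft},
  number      = {draft-dickson-dprive-adot-auth-06},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2021,
  month       = nov,
  day         = 9,
  pagetotal   = 17,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-dickson-dprive-adot-auth/06/},
  abstract    = {This Internet Draft proposes a mechanism for DNS resolvers to discover support for TLS transport to authoritative DNS servers, to validate this indication of support, and to authenticate the TLS certificates involved. This requires that the name server \_names\_ are in a DNSSEC signed zone. This also requires that the delegation of the zone served is protected by {[}I-D.dickson-dnsop-ds-hack{]}, since the NS names are the keys used for discovery of TLS transport support. Additional recommendations relate to use of various techniques for efficiency and scalability, and new EDNS options to minimize round trips and for signaling between clients and resolvers.},
}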