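%% You should probably cite draft-hoffman-dns-in-existing-http2-01 instead of this revision.
%% Author stored in "Last, First" form so the style splits the name correctly; only the
%% acronyms in the title are brace-protected so the style can still apply its own casing.
@techreport{hoffman-dns-in-existing-http2-00,
  author      = {Hoffman, Paul E.},
  title       = {Running {DNS} in Existing {HTTP/2} Connections},
  number      = {draft-hoffman-dns-in-existing-http2-00},
  type        = {Internet-Draft},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2017,
  month       = apr,
  day         = 10,
  pagetotal   = 5,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-hoffman-dns-in-existing-http2/00/},
  abstract    = {Intermediaries such as governments and ISPs spoof DNS responses, and block DNS requests to particular recursive resolvers, for a variety of reasons. They spoof by capturing traffic on port 53, or by redirecting port 853 traffic in the hopes that the client is using opportunistic encryption. They block if they know the address of a resolver that they don't like, such as public resolvers that give honest answers. This document describes how to run DNS service over existing HTTP/2 connections over TLS, such as those being used for HTTP for basic web service. This design prevents intermediaries from spoofing DNS responses, and makes it impossible for intermediaries to block the use of those recursive resolvers without blocking the desired HTTP connections. It also prevents intermediaries or passive observers from seeing the DNS traffic. This design is meant for communication between a DNS stub resolver and a DNS recursive resolver.},
}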