Technical Summary
This document defines Discovery of Designated Resolvers (DDR), a
mechanism for DNS clients to use DNS records to discover a resolver's
encrypted DNS configuration. This mechanism can be used to move from
unencrypted DNS to encrypted DNS when only the IP address of a
resolver is known. This mechanism is designed to be limited to cases
where unencrypted resolvers and their designated resolvers are
operated by the same entity or cooperating entities. It can also be
used to discover support for encrypted DNS protocols when the name of
an encrypted resolver is known.
Working Group Summary
There has been extensive discussion amongst a variety of individuals. The shepherd and AD
believe that the document represents the consensus view of the working group as
a whole.
A number of reviews of the document were posted to the working group
mailing list, along with the issues and pull requests logged on GitHub.
Document Quality
The document has been extensively reviewed by working group members, hence the number of
iterations of the draft to date. Just under 150 mailing list posts directly
reference the various DDR drafts, complemented by 34 closed issues and 27
closed pull requests on GitHub. The authors have also given updates on
progress during working group sessions at IETF meetings to highlight the draft
to a broader audience.
Looking outside of the ADD working group, there has been consultation with 6man
on the way that RFC 8106 has been interpreted. In addition, support for DDR
has already been implemented by Cisco in its Umbrella software, by Quad9 in its
resolver, by Microsoft in its Windows operating system, and by Apple in both iOS 16
and macOS Ventura.
Personnel
Shepherd is Andrew Campling.
Responsible AD is Éric Vyncke.
IESG Note
There was a very vague IPR disclosure by Verisign shortly after the ADD working
group was formed that may pertain in some way to ADD. It involved unpublished
filings and did not include any detail other than that Verisign had filed a
patent with the USPTO.
For reference, the following link is to the relevant posts on the ADD mailing
list.
https://mailarchive.ietf.org/arch/msg/add/lB8c9COt5jyqgHhWjW9TFH_V4Nk/
IANA Note
This document calls for the addition of "resolver.arpa" to the
Special-Use Domain Names (SUDN) registry established by [RFC6761].