Document Shepherd: Tim Wicinski
Area Director: Joel Jaggeli
Document Type: Proposed Standard
DNS cookies are a lightweight DNS transaction security mechanism that
provides limited protection to DNS servers and clients against a
variety of increasingly common denial-of-service and amplification /
forgery or cache poisoning attacks by off-path attackers. DNS Cookies
are tolerant of NAT, NAT-PT, and anycast and can be incrementally
2. Review and Consensus
This draft was originally raised several years ago but it languished due to working group hubris. When it was revised, the working group had broad consensus this was a relevant document. The draft had many reviewers, and also picked up another author as the design was polished.
Initially, the draft defined the EDNS Option to have an Error Code that was returned. After much discussion, and a prototype deployment of the option, it was decided that the Error Code was not needed, and was removed. Since then a second implementation has appeared
The working group was in strong consensus behind this draft.
3. Intellectual Property
There is no IPR related to this document, and the authors have no direct, personal knowledge of any IPR.
4. Other Points
- Downward References
There are no downward references in this document; and the shepherd agrees with the references and their classification.
- IANA Considerations:
IANA has assigned EDNS Option Code 10 for this option, and assigned DNS Error Code 23 as an early allocation.
Explain anything else that the IESG might need to know when reviewing this document. If there is significant discontent with the document or the process, which might result in appeals to the IESG or especially bad feelings in the working group, explain this in a separate email message to the responsible Area Director.
X- Does the shepherd stand behind the document and think the document is ready for publication?
X- Is the correct RFC type indicated in the title page header?
X- Is the abstract both brief and sufficient, and does it stand alone as a brief summary?
X- Is the intent of the document accurately and adequately explained in the introduction?
X- Have all required formal reviews (MIB Doctor, Media Type, URI, etc.) been requested and/or completed?
X- Has the shepherd performed automated checks -- idnits (see http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist), checks of BNF rules, XML code and schemas, MIB definitions, and so on -- and determined that the document passes the tests?
X- Has each author stated that their direct, personal knowledge of any IPR related to this document has already been disclosed, in conformance with BCPs 78 and 79?
X- Have all references within this document been identified as either normative or informative, and does the shepherd agree with how they have been classified?
X- Are all normative references made to documents that are ready for advancement and are otherwise in a clear state?
X- If publication of this document changes the status of any existing RFCs, are those RFCs listed on the title page header, and are the changes listed in the abstract and discussed (explained, not just mentioned) in the introduction?
X- If this is a "bis" document, have all of the errata been considered?
X- IANA Considerations: