Specification for DNS over Transport Layer Security (TLS)

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
Cc: tjw.ietf@gmail.com, allison.mankin@gmail.com, draft-ietf-dprive-dns-over-tls@ietf.org, dprive-chairs@ietf.org, "The IESG" <iesg@ietf.org>, dns-privacy@ietf.org, rfc-editor@rfc-editor.org, terry.manderson@icann.org
Subject: Protocol Action: 'Specification for DNS over TLS' to Proposed Standard (draft-ietf-dprive-dns-over-tls-09.txt)

The IESG has approved the following document:
- 'Specification for DNS over TLS'
  (draft-ietf-dprive-dns-over-tls-09.txt) as Proposed Standard

This document is the product of the DNS PRIVate Exchange Working Group.

The IESG contact persons are Brian Haberman and Terry Manderson.

A URL of this Internet Draft is:

Technical Summary

This document describes the use of TLS to provide privacy for DNS. In addition, this document specifies two usage profiles for DNS-over-TLS and provides advice on performance considerations to minimize overhead from using TCP and TLS with DNS.

Working Group Summary

This document was heavily reviewed and discussed in the working group, and the community is strongly behind this document.  The authors made sure that all issues raised during the process were addressed.  Additionally, there is a complementary design moving through the working group (draft-ietf-dprive-dnsodtls), and both sets of authors worked together to ensure the issues raised between the drafts were resolved.  Both groups of authors have worked exceptionally well together.

Document Quality

This is a well-structured document with several vendors signalling intent to implement and support. A current implementation is offered from NLNetLabs (unbound).
The workgroup performed well in bringing forth this document. The draft lists 6 authors, and the AD is in support of that number; a note has already been sent to the RFC-Editor.


Document Shepherd:   Tim Wicinski
Area Director:       Terry Manderson


IANA was requested to add the following value to the "Service Name and Transport Protocol Port Number Registry" registry in the System Range for the TCP port.

Additionally, there is an IANA request to reserve the same port number over UDP for the forthcoming proposed DNS-over-DTLS protocol, draft-ietf-dprive-dnsodtls.

    Service Name           domain-s
    Port Number            853
    Transport Protocol(s)  TCP/UDP
    Assignee               IETF DPRIVE Chairs
    Contact                Paul Hoffman
    Description            DNS query-response protocol run over TLS/DTLS
    Reference              This document

This is a *temporary* assignment and expires on 2016-10-08.