%% You should probably cite rfc8094 instead of this I-D. @techreport{ietf-dprive-dnsodtls-09, number = {draft-ietf-dprive-dnsodtls-09}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsodtls/09/}, author = {Tirumaleswar Reddy.K and Dan Wing and Prashanth Patil}, title = {{Specification for DNS over Datagram Transport Layer Security (DTLS)}}, pagetotal = 13, year = 2016, month = aug, day = 11, abstract = {DNS queries and responses are visible to network elements on the path between the DNS client and its server. These queries and responses can contain privacy-sensitive information which is valuable to protect. An active attacker can send bogus responses causing misdirection of the subsequent connection. This document proposes the use of Datagram Transport Layer Security (DTLS) for DNS, to protect against passive listeners and certain active attacks. As latency is critical for DNS, this proposal also discusses mechanisms to reduce DTLS round trips and reduce DTLS handshake size. The proposed mechanism runs over port 853.}, }