
DNS over Datagram Transport Layer Security (DTLS)

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: "IETF-Announce" <>
Cc: "The IESG" <>, "Tim Wicinski" <>
Subject: Document Action: 'Specification for DNS over Datagram Transport Layer Security (DTLS)' to Experimental RFC (draft-ietf-dprive-dnsodtls-15.txt)

The IESG has approved the following document:
- 'Specification for DNS over Datagram Transport Layer Security (DTLS)'
  (draft-ietf-dprive-dnsodtls-15.txt) as Experimental RFC

This document is the product of the DNS PRIVate Exchange Working Group.

The IESG contact persons are Suresh Krishnan and Terry Manderson.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

This document proposes the use of Datagram Transport Layer Security
(DTLS) for DNS, to protect against passive listeners and certain
active attacks.  As latency is critical for DNS, this proposal also
discusses mechanisms to reduce DTLS round trips and reduce DTLS
handshake size.

Working Group Summary

The working group chose Experimental over Proposed Standard because
the authors have indicated they are not willing to attempt
implementing this, nor have they attempted to find anyone to
implement this.

While the working group confirmed publication, this document
shepherd (and working group co-chair) is conflicted.  The lack of
implementation anytime in the near future means this will get
published but never actually used. While the working group does not
see this as a problem, I feel it sets a bad precedent.

Document Quality

The document was reviewed very heavily by the working group and
compared to the previous document, DNS over TLS (RFC 7858).

The working group made several requests, which the authors carried out.
The biggest one was the removal of the authentication profiles into a
separate document, draft-ietf-dprive-dtls-and-tls-profiles, which is
currently working its way through the working group and is slated for
last call.

The consensus was positive on adopting and publishing this draft,
and the working group did not have many comments about the lack of
implementations, or about whether a document without any planned
implementations should be published.


Document Shepherd:  Tim Wicinski
Area Director:      Terry Manderson

RFC Editor Note

Please note the IESG note as follows:

This DTLS solution was considered by the DPRIVE working group as a potential option to use in case the TLS-based approach specified in RFC 7858 is shown to have detrimental deployment issues. At the time of writing, it was expected that RFC 7858 would be deployed, and so this specification is primarily intended as a backup and has therefore been designated as Experimental. This solution should not be deployed in the wild while in this experimental state as an RFC; however, experimentation is encouraged.