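%% You should probably cite draft-ietf-dprive-unauth-to-authoritative instead of this I-D.
%%
%% Maintainer notes (text outside an entry is ignored by BibTeX):
%% - The export left `year`, `month` and `day` with no value ("year = ,"),
%%   which BibTeX rejects as a missing field part. The empty fields were
%%   removed. The publication date is not given in this record; copy it from
%%   the datatracker page in `url` before citing, since @techreport expects
%%   `year`.
%% - Authors are stored in "von Last, First" form so that "van Dijk" parses
%%   unambiguously, and only the acronym in the title is brace-protected so
%%   styles can still apply their own casing.
%% - Security context for readers: the abstract defines opportunistic
%%   encryption as encryption with optional authentication. Without
%%   authentication the channel resists passive observation only; an on-path
%%   attacker who can impersonate the server or disrupt discovery is not
%%   stopped. The abstract itself calls this revision "very rough" with
%%   "many holes", so do not treat it as a deployment specification.
@techreport{ietf-dprive-opportunistic-adotq-01,
  author      = {Hoffman, Paul E. and van Dijk, Peter},
  title       = {Recursive to Authoritative {DNS} with Encryption},
  type        = {Internet-Draft},
  number      = {draft-ietf-dprive-opportunistic-adotq-01},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-ietf-dprive-opportunistic-adotq/01/},
  pagetotal   = 9,
  abstract    = {This document describes a use case and a method for a DNS recursive resolver to use either opportunistic encryption (that is, encryption with optional authentication) or fully-authenticated encryption when communicating with authoritative servers. The motivating use case for this method is that more encryption on the Internet is better, some resolver operators will only want to offer fully-authenticated encryption when encryption is available, and some resolver operators believe that opportunistic encryption is better than no encryption at all. The method described here is optional for both the recursive resolver and the authoritative server. This method supports both fully-authenticate encryption and opportunistic encryption using the same mechanism for discovery of encryption support and discovery of authenticated public keys for the server. IMPORTANT NOTE: This version of the document is completely different than the earlier version. It now covers both opportunistic and fully-authenticated encryption. It is in a very rough state, and there are many holes in the description.},
}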