TLS for DNS: Initiation and Performance Considerations
draft-ietf-dprive-start-tls-for-dns-01

Document Type Replaced Internet-Draft (dprive WG)
Last updated 2015-10-14 (latest revision 2015-07-05)
Replaces draft-hzhwm-dprive-start-tls-for-dns
Replaced by draft-ietf-dprive-dns-over-tls
Stream IETF
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html bibtex
Stream WG state WG Document
Document shepherd Tim Wicinski
IESG IESG state Replaced by draft-ietf-dprive-dns-over-tls
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ietf-dprive-start-tls-for-dns-01.txt

Abstract

This document offers an approach to initiating TLS for DNS: use of a dedicated DNS-over-TLS port, and fallback to a mechanism for upgrading a DNS-over-TCP connection over the standard port (TCP/53) to a DNS-over-TLS connection. Encryption provided by TLS eliminates opportunities for eavesdropping on DNS queries in the network, such as discussed in RFC 7258. In addition it specifies two usage profiles for DNS-over-TLS. Finally, it provides advice on performance considerations to minimize overheads from using TCP and TLS with DNS, pertaining to both approaches.

Authors

Zi Hu (zihu@usc.edu)
Liang Zhu (liangzhu@usc.edu)
John Heidemann (johnh@isi.edu)
Allison Mankin (amankin@verisign.com)
Duane Wessels (dwessels@verisign.com)
Paul Hoffman (paul.hoffman@icann.org)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)