TLS for DNS: Initiation and Performance Considerations
draft-ietf-dprive-start-tls-for-dns-01
Document | Type |
Replaced Internet-Draft
(dprive WG)
Expired & archived
|
|
---|---|---|---|
Authors | Zi Hu , Liang Zhu , John Heidemann , Allison Mankin , Duane Wessels , Paul E. Hoffman | ||
Last updated | 2015-10-14 (Latest revision 2015-07-05) | ||
Replaces | draft-hzhwm-dprive-start-tls-for-dns | ||
Replaced by | draft-ietf-dprive-dns-over-tls | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Intended RFC status | (None) | ||
Formats | |||
Additional resources | Mailing list discussion | ||
Stream | WG state | WG Document | |
Document shepherd | Tim Wicinski | ||
IESG | IESG state | Replaced by draft-ietf-dprive-dns-over-tls | |
Consensus boilerplate | Unknown | ||
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document offers an approach to initiating TLS for DNS: use of a dedicated DNS-over-TLS port, and fallback to a mechanism for upgrading a DNS-over-TCP connection over the standard port (TCP/53) to a DNS-over-TLS connection. Encryption provided by TLS eliminates opportunities for eavesdropping on DNS queries in the network, such as discussed in RFC 7258. In addition it specifies two usage profiles for DNS-over-TLS. Finally, it provides advice on performance considerations to minimize overheads from using TCP and TLS with DNS, pertaining to both approaches.
Authors
Zi Hu
Liang Zhu
John Heidemann
Allison Mankin
Duane Wessels
Paul E. Hoffman
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)