Recursive to Authoritative DNS with Unauthenticated Encryption

Document Type: Replaced Internet-Draft (dprive WG), Expired & archived
Authors: Paul E. Hoffman, Peter van Dijk
Last updated: 2021-09-28
Replaces: draft-ietf-dprive-opportunistic-adotq
Replaced by: draft-ietf-dprive-unilateral-probing
RFC stream: Internet Engineering Task Force (IETF)
Intended RFC status: (None)
Additional resources: Mailing list discussion
Stream WG state: WG Document
Document shepherd: (None)
IESG state: Replaced by draft-ietf-dprive-unilateral-probing
Consensus boilerplate: Unknown
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document describes a use case and a method for a DNS recursive resolver to use unauthenticated encryption when communicating with authoritative servers. The motivating use case for this method is that more encryption on the Internet is better, and some resolver operators believe that unauthenticated encryption is better than no encryption at all. The method described here is optional for both the recursive resolver and the authoritative server.


Paul E. Hoffman
Peter van Dijk

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)