%% You should probably cite rfc9539 instead of this I-D. @techreport{ietf-dprive-unilateral-probing-05, number = {draft-ietf-dprive-unilateral-probing-05}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-dprive-unilateral-probing/05/}, author = {Daniel Kahn Gillmor and Joey Salazar and Paul E. Hoffman}, title = {{Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS}}, pagetotal = 30, year = 2023, month = mar, day = 3, abstract = {This document sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The steps in this document can be defeated by an active attacker, but should be simpler and less risky to deploy than more powerful defenses. The goal of this document is to simplify and speed deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. With wider easy deployment of the underlying transport on an opportunistic basis, we hope to facilitate the future specification of stronger cryptographic protections against more powerful attacks.}, }