Stateless DNS Encryption

Document Type: Replaced Internet-Draft (individual)
Last updated: 2015-10-28 (latest revision 2015-09-30)
Replaced by: draft-krecicki-dprive-dnsenc
Stream: (None)
Intended RFC status: (None)
Expired & archived
Stream state: (No stream defined)
Consensus Boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Replaced by draft-krecicki-dprive-dnsenc
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The DNS is the last common Internet protocol that has no encryption scheme and therefore provides no privacy to its users. This document proposes an extensible mechanism providing encryption of DNS queries and responses, with a method for the secure retrieval of encryption keys and verification of their validity. It is independent of the underlying transport protocol.


Witold Kręcicki (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)