Discovery of Equivalent Encrypted Resolvers

Document Type Replaced Internet-Draft (add WG)
Authors Tommy Pauly  , Eric Kinnear  , Christopher Wood  , Patrick McManus  , Tommy Jensen 
Last updated 2021-01-27 (latest revision 2020-11-02)
Replaced by draft-ietf-add-ddr
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
plain text html xml pdf htmlized bibtex
Stream WG state Adopted by a WG
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-add-ddr
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document defines Discovery of Equivalent Encrypted Resolvers (DEER), a mechanism for DNS clients to use DNS records to discover a resolver's encrypted DNS configuration. This mechanism can be used to move from unencrypted DNS to encrypted DNS when only the IP address of an encrypted resolver is known. It can also be used to discover support for encrypted DNS protocols when the name of an encrypted resolver is known. This mechanism is designed to be limited to cases where equivalent encrypted and unencrypted resolvers are operated by the same entity.


Tommy Pauly (
Eric Kinnear (
Christopher Wood (
Patrick McManus (
Tommy Jensen (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)