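% Internet-Draft, revision 02: problem statement on running DNS forwarders on
% CPEs once DNS moves to encrypted transports, and on how far existing
% solutions (Star certificates, the name constraints extension) fit.
% The entry is marked Work in Progress and the url pins revision 02; an
% Internet-Draft can be revised or replaced, so check the datatracker for a
% later revision before relying on its analysis.
% Names use the unambiguous "Last, First" form, and only the acronyms in the
% title are brace-protected so that styles may still apply their own casing.
@techreport{rbw-add-encrypted-dns-forwarders-02,
  author      = {Reddy.K, Tirumaleswar and Boucadair, Mohamed and Wing, Dan},
  title       = {Hosting Encrypted {DNS} Forwarders on {CPEs}},
  type        = {Internet-Draft},
  number      = {draft-rbw-add-encrypted-dns-forwarders-02},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2024,
  month       = nov,
  day         = 4,
  pagetotal   = 11,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-rbw-add-encrypted-dns-forwarders/02/},
  abstract    = {Typical connectivity service offerings based upon on Customer Premise Equipment (CPEs) involve DNS forwarders on the CPE for various reasons (offer local services, control the scope/content of information in DNS, ensure better dependability for local service, provide control to users, etc.). Upgrading DNS to use encrypted transports introduces deployment complications as to how to sustain current offerings with local services. Solutions are needed to ease operating DNS forwarders in CPEs while allowing to make use of encrypted DNS capabilities. This document describes the problem and to what extent existing solutions can or can't be used for these deployments. For example, Star certificates and name constraints extension suffer from the problem of deploying a new feature to CAs, TLS clients, and servers.},
}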