Skip to main content

DNS Server Selection: DNS Server Information with Assertion Token

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Tirumaleswar Reddy.K , Dan Wing , Michael Richardson , Mohamed Boucadair
Last updated 2022-04-10 (Latest revision 2021-10-07)
Replaces draft-reddy-dprive-dprive-privacy-policy
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


The document defines a mechanism that is meant to communicate DNS resolver information to DNS clients for use as a criteria for server selection decisions. Such an information that is cryptographically signed to attest its authenticity is used for the selection of DNS resolvers. Typically, evaluating the resolver information and the signatory, DNS clients with minimal or no human intervention can select the DNS servers for resolving domain names. This assertion is useful for encrypted DNS (e.g., DNS-over-TLS, DNS- over-HTTPS, or DNS-over-QUIC) servers that are either public resolvers or discovered in a local network.


Tirumaleswar Reddy.K
Dan Wing
Michael Richardson
Mohamed Boucadair

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)