Algorithms for Domain Name System (DNS) Cookies construction

Document Type Replaced Internet-Draft (individual)
Authors Ondřej Surý  , Willem Toorop 
Last updated 2019-03-11
Replaced by draft-sury-toorop-dnsop-server-cookies
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-sury-toorop-dnsop-server-cookies
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


[RFC7873] left the construction of Server Cookies to the discretion of the DNS Server (implementer) which has resulted in a gallimaufry of different implementations. As a result, DNS Cookies are impractical to deploy on multi-vendor anycast networks, because the Server Cookie constructed by one implementation cannot be validated by another. This document provides precise directions for creating Server Cookies to address this issue. Furthermore, [FNV] is obsoleted as a suitable Hash function for calculating DNS Cookies. [SipHash-2.4] is introduced as a new REQUIRED Hash function for calculating DNS Cookies. This document updates [RFC7873]


Ondřej Surý (
Willem Toorop (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)