This document proposes the use of Datagram Transport Layer Security
(DTLS) for DNS, to protect against passive listeners and certain
active attacks. As latency is critical for DNS, this proposal also
discusses mechanisms to reduce DTLS round trips and reduce DTLS
Working Group Summary
The working group chose Experimental over Proposed Standard because
the authors have indicated they are not willing to attempt
implementing this, nor have they attempted to find anyone to
While the working group confirmed publication, this document
shepherd (and working group co-chair) is conflicted. The lack of
implementation anytime in the near future means this will get
published but never actually used. While the working group does not
see this as a problem, I feel it sets a bad precedent.
The document was reviewed very heavily by the working group, and
compared to the previous document, DNS-over-TLS.
The working group made several requests which the authors performed.
The biggest one was the removal of the Authentication profiles, which
were placed in a separate document, draft-ietf-dprive-dtls-and-tls-
profiles, which is currently working through the working group and
is slated for last call.
The consensus was positive on adopting and publishing this draft,
and the working group did not have many comments about the lack of
implementations, or if a document without any planned implementations
should be published.
Document Shepherd: Tim Wicinski
Area Director: Terry Manderson
RFC Editor Note
Please note the IESG note as follows:
This DTLS solution was considered by the DPRIVE working group as a potential option to use in case that the TLS based approach specified in RFC7858 is shown to have detrimental deployment issues. At the time of writing, it was expected that RFC7858 will be deployed, and so this specification is primarily intended as a backup and has therefore been designated as experimental. This solution should not be deployed in the wild while in this experimental state as an RFC, however experimentation is encouraged.