DNS Queries over HTTPS (DoH)
RFC 8484
Document Type RFC - Proposed Standard (October 2018; No errata)
Last updated 2018-10-19
Replaces draft-hoffman-dispatch-dns-over-https, draft-hoffman-dns-over-https
Stream IETF
Formats plain text pdf html bibtex
Reviews
GENART Telechat Review (of -13): Ready
TSVART Last Call Review (of -13): Almost Ready
SECDIR Last Call Review (of -12): Has Issues
GENART Last Call Review (of -12): On the Right Track
GENART will not review this version
Stream WG state Submitted to IESG for Publication
Document shepherd Benjamin Schwartz
Shepherd write-up Show (last changed 2018-07-03)
IESG IESG state RFC 8484 (Proposed Standard)
Consensus Boilerplate Yes
Telechat date
Responsible AD Adam Roach
Send notices to Benjamin Schwartz <bemasc@google.com>
IANA IANA review state Version Changed - Review Needed
IANA action state RFC-Ed-Ack
Email authors Email WG IPR References Referenced by Nits 
Internet Engineering Task Force (IETF)                        P. Hoffman
Request for Comments: 8484                                         ICANN
Category: Standards Track                                     P. McManus
ISSN: 2070-1721                                                  Mozilla
                                                            October 2018

                      DNS Queries over HTTPS (DoH)

Abstract

   This document defines a protocol for sending DNS queries and getting
   DNS responses over HTTPS.  Each DNS query-response pair is mapped
   into an HTTP exchange.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8484.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Hoffman & McManus            Standards Track                    [Page 1]
RFC 8484              DNS Queries over HTTPS (DoH)          October 2018

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Selection of DoH Server . . . . . . . . . . . . . . . . . . .   4
   4.  The HTTP Exchange . . . . . . . . . . . . . . . . . . . . . .   4
     4.1.  The HTTP Request  . . . . . . . . . . . . . . . . . . . .   4
       4.1.1.  HTTP Request Examples . . . . . . . . . . . . . . . .   5
     4.2.  The HTTP Response . . . . . . . . . . . . . . . . . . . .   7
       4.2.1.  Handling DNS and HTTP Errors  . . . . . . . . . . . .   7
       4.2.2.  HTTP Response Example . . . . . . . . . . . . . . . .   8
   5.  HTTP Integration  . . . . . . . . . . . . . . . . . . . . . .   8
     5.1.  Cache Interaction . . . . . . . . . . . . . . . . . . . .   8
     5.2.  HTTP/2  . . . . . . . . . . . . . . . . . . . . . . . . .  10
     5.3.  Server Push . . . . . . . . . . . . . . . . . . . . . . .  10
     5.4.  Content Negotiation . . . . . . . . . . . . . . . . . . .  10
   6.  Definition of the "application/dns-message" Media Type  . . .  10
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  11
     7.1.  Registration of the "application/dns-message" Media Type   11
   8.  Privacy Considerations  . . . . . . . . . . . . . . . . . . .  12
     8.1.  On the Wire . . . . . . . . . . . . . . . . . . . . . . .  12
     8.2.  In the Server . . . . . . . . . . . . . . . . . . . . . .  12
   9.  Security Considerations . . . . . . . . . . . . . . . . . . .  14
   10. Operational Considerations  . . . . . . . . . . . . . . . . .  15
   11. References  . . . . . . . . . . . . . . . . . . . . . . . . .  16
     11.1.  Normative References . . . . . . . . . . . . . . . . . .  16
     11.2.  Informative References . . . . . . . . . . . . . . . . .  18
   Appendix A.  Protocol Development . . . . . . . . . . . . . . . .  20
   Appendix B.  Previous Work on DNS over HTTP or in Other Formats .  20
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  21
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  21

Hoffman & McManus            Standards Track                    [Page 2]
RFC 8484              DNS Queries over HTTPS (DoH)          October 2018

1.  Introduction

   This document defines a specific protocol, DNS over HTTPS (DoH), for
   sending DNS [RFC1035] queries and getting DNS responses over HTTP
   [RFC7540] using https [RFC2818] URIs (and therefore TLS [RFC8446]
   security for integrity and confidentiality).  Each DNS query-response
   pair is mapped into an HTTP exchange.

   The described approach is more than a tunnel over HTTP.  It
   establishes default media formatting types for requests and responses
   but uses normal HTTP content negotiation mechanisms for selecting
   alternatives that endpoints may prefer in anticipation of serving new
   use cases.  In addition to this media type negotiation, it aligns
Show full document text
ISOC IETF Trust RFC Editor IRTF IESG IETF IAB IASA & IAOC IETF Tools IANA