Recommendations for DNS Privacy Service Operators
RFC 8932
| Field | Value |
|---|---|
| Document type | RFC - Best Current Practice (October 2020; No errata) |
| Also known as | BCP 232 |
| Authors | Sara Dickinson, Benno Overeinder, Roland van Rijswijk-Deij, Allison Mankin |
| Last updated | 2020-10-23 |
| Replaces | draft-dickinson-dprive-bcp-op |
| Stream | IETF |
| WG state | Submitted to IESG for Publication |
| Document shepherd | Tim Wicinski |
| Shepherd write-up | Last changed 2019-11-17 |
| IESG state | RFC 8932 (Best Current Practice) |
| Consensus boilerplate | Yes |
| Responsible AD | Éric Vyncke |
| Send notices to | Tim Wicinski <tjw.ietf@gmail.com> |
| IANA review state | IANA OK - No Actions Needed |
| IANA action state | No IANA Actions |
Internet Engineering Task Force (IETF)                      S. Dickinson
Request for Comments: 8932                                    Sinodun IT
BCP: 232                                                   B. Overeinder
Category: Best Current Practice                    R. van Rijswijk-Deij
ISSN: 2070-1721                                               NLnet Labs
                                                               A. Mankin
                                                              Salesforce
                                                            October 2020

Recommendations for DNS Privacy Service Operators

Abstract

This document presents operational, policy, and security considerations for DNS recursive resolver operators who choose to offer DNS privacy services. With these recommendations, the operator can make deliberate decisions regarding which services to provide, as well as understanding how those decisions and the alternatives impact the privacy of users.

This document also presents a non-normative framework to assist writers of a Recursive operator Privacy Statement, analogous to DNS Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements described in RFC 6841.

Status of This Memo

This memo documents an Internet Best Current Practice.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on BCPs is available in Section 2 of RFC 7841.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8932.

Copyright Notice

Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1. Introduction
2. Scope
3. Privacy-Related Documents
4. Terminology
5. Recommendations for DNS Privacy Services
   5.1. On the Wire between Client and Server
      5.1.1. Transport Recommendations
      5.1.2. Authentication of DNS Privacy Services
      5.1.3. Protocol Recommendations
      5.1.4. DNSSEC
      5.1.5. Availability
      5.1.6. Service Options
      5.1.7. Impact of Encryption on Monitoring by DNS Privacy Service Operators
      5.1.8. Limitations of Fronting a DNS Privacy Service with a Pure TLS Proxy
   5.2. Data at Rest on the Server
      5.2.1. Data Handling
      5.2.2. Data Minimization of Network Traffic
      5.2.3. IP Address Pseudonymization and Anonymization Methods
      5.2.4. Pseudonymization, Anonymization, or Discarding of Other Correlation Data
      5.2.5. Cache Snooping
   5.3. Data Sent Onwards from the Server
      5.3.1. Protocol Recommendations
      5.3.2. Client Query Obfuscation
      5.3.3. Data Sharing
6. Recursive Operator Privacy Statement (RPS)
   6.1. Outline of an RPS
      6.1.1. Policy
      6.1.2. Practice
   6.2. Enforcement/Accountability
7. IANA Considerations
8. Security Considerations
9. References
   9.1. Normative References
   9.2. Informative References
Appendix A. Documents
   A.1. Potential Increases in DNS Privacy
   A.2. Potential Decreases in DNS Privacy
   A.3. Related Operational Documents
Appendix B. IP Address Techniques
   B.1. Categorization of Techniques
   B.2. Specific Techniques
      B.2.1. Google Analytics Non-Prefix Filtering
      B.2.2. dnswasher
      B.2.3. Prefix-Preserving Map
      B.2.4. Cryptographic Prefix-Preserving Pseudonymization
      B.2.5. Top-Hash Subtree-Replicated Anonymization
      B.2.6. ipcipher
      B.2.7. Bloom Filters
Appendix C. Current Policy and Privacy Statements
Appendix D. Example RPS
   D.1. Policy
   D.2. Practice
Acknowledgements
Contributors
Authors' Addresses

1. Introduction

The Domain Name System (DNS) is at the core of the Internet; almost every activity on the Internet starts with a DNS query (and often several). However, the DNS was not originally designed with strong security or privacy mechanisms. A number of developments have taken place in recent years that aim to increase the privacy of the DNS,