Interoperable Domain Name System (DNS) Server Cookies
RFC 9018

Received changes through RFC Editor sync (created alias RFC 9018, changed abstract to 'DNS Cookies, as specified in RFC 7873, are a lightweight DNS transaction security mechanism that provide limited protection to DNS servers and clients against a variety of denial-of-service amplification, forgery, or cache-poisoning attacks by off-path attackers.

This document updates RFC 7873 with precise directions for creating Server Cookies so that an anycast server set including diverse implementations will interoperate with standard clients, with suggestions for constructing Client Cookies in a privacy-preserving fashion, and with suggestions on how to update a Server Secret. An IANA registry listing the methods and associated pseudorandom function suitable for creating DNS Server Cookies has been created with the method described in this document as the first and, as of the time of publication, only entry.', changed pages to 16, changed standardization level to Proposed Standard, changed state to RFC, added RFC published event at 2021-04-05, changed IESG state to RFC Published, created updates relation between draft-ietf-dnsop-server-cookies and RFC 7873)