Unilateral Opportunistic Deployment of Encrypted Recursive-to-Authoritative DNS
RFC 9539

Document history

Date By Action
2024-03-03
(System) Received changes through RFC Editor sync (added Verified Errata tag)
2024-03-01
(System) Received changes through RFC Editor sync (added Errata tag)
2024-02-28
(System) Received changes through RFC Editor sync (created document RFC 9539, created became rfc relationship between draft-ietf-dprive-unilateral-probing and RFC 9539, set abstract to 'This document sets out steps that DNS servers (recursive resolvers and authoritative servers) can take unilaterally (without any coordination with other peers) to defend DNS query privacy against a passive network monitor. The protections provided by the guidance in this document can be defeated by an active attacker, but they should be simpler and less risky to deploy than more powerful defenses.

The goal of this document is to simplify and speed up deployment of opportunistic encrypted transport in the recursive-to-authoritative hop of the DNS ecosystem. Wider easy deployment of the underlying encrypted transport on an opportunistic basis may facilitate the future specification of stronger cryptographic protections against more-powerful attacks.', set pages to 24, set standardization level to Experimental, added RFC published event at 2024-02-28)
2024-02-28
(System) RFC published