Donate
‹ Back
Deploy360 6 April 2017

RFC 8094: DNS over DTLS published

By Kevin Meynell Content and Resource Manager

RFC 8094 – DNS over Datagram Transport Layer Security (DTLS) – was recently published as an experimental specification.

This was the result of the ongoing activity of the DNS PRIVate Exchange (dprive) Working Group at the IETF to develop mechanisms to provide confidentiality to DNS transactions and to address concerns surrounding pervasive monitoring.

DNS queries and responses are normally exchanged unencrypted on the network between a DNS client and server, and can be monitored to reveal potentially sensitive information. RFC 8094 therefore proposes to use DTLS for encrypting queries and responses between DNS clients and servers.

The DTLS protocol is based on the Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees, but is more suited to datagram transport that supports low latency and loss tolerant communication but which does not require or provide reliable or in-order delivery of data.

As latency is critical for the DNS, the outlined specification aims to reduce DTLS round trips and reduce the DTLS handshake size, as well as minimise the computational load on the DNS servers. This is an experimental update to the DNS in order to evaluate implementations, interoperability and effect on the DNS infrastructure.

Further Information

‹ Back

Related articles

DPRIVE experimental service debuts @ IETF 99
DPRIVE experimental service debuts @ IETF 99
Deploy36024 August 2017

DPRIVE experimental service debuts @ IETF 99

The IETF is not only a place to discuss the development of Internet protocols, but also offers a place for...

Deploy360@IETF97, Day 5: TLS, DNS, DHCPv6 & Annyeonghi Gaseyo
Deploy36017 November 2016

Deploy360@IETF97, Day 5: TLS, DNS, DHCPv6 & Annyeonghi Gaseyo

The final day at a IETF is usually pretty quiet for us, but not at the IETF 97. There's four sessions...

Rough Guide to IETF 97: DNSSEC, DANE and DNS Privacy and Security
Rough Guide to IETF 97: DNSSEC, DANE and DNS Privacy and Security
Domain Name System (DNS)11 October 2016

Rough Guide to IETF 97: DNSSEC, DANE and DNS Privacy and Security

DNS privacy will get a good bit of focus at the IETF 97 meeting in Seoul with a special tutorial as...

Join the conversation with Internet Society members around the world