DNS Privacy
Links
DNS Privacy Project homepage
DPRIVE
getdns
NLnet Labs
Sinodun
* At least one author associated with this project
DPRIVE
RFC7626 | DNS Privacy Considerations | This document describes the privacy issues associated with the use of the DNS by Internet users. It is intended to be an analysis of the present situation and does not prescribe solutions. |
draft-ietf-dprive-dns-over-tls | Specification for DNS over TLS* | This document describes the use of TLS to provide privacy for DNS. |
draft-ietf-dprive-dtls-and-tls-profiles | Authentication and (D)TLS Profile for DNS-over-TLS and DNS-over-DTLS* | This document describes how a DNS client can use a domain name to authenticate a DNS server that uses Transport Layer Security (TLS) and Datagram TLS (DTLS). Additionally, it defines (D)TLS profiles for DNS clients and servers implementing DNS-over-TLS and DNS-over-DTLS. |
DNSOP
draft-ietf-dnsop-5966bis | DNS Transport over TCP - Implementation Requirements* | This document specifies the requirement for support of TCP as a transport protocol for DNS implementations and provides guidelines towards DNS-over-TCP performance on par with that of DNS-over-UDP. |
draft-ietf-dnsop-edns-tcp-keepalive | The edns-tcp-keepalive EDNS0 Option* | This document defines an EDNS0 option ("edns-tcp-keepalive") that allows DNS clients and servers to signal their respective readiness to conduct multiple DNS transactions over individual TCP sessions. |
Other
RFC5246 | The Transport Layer Security (TLS) Protocol |
RFC7525 | Recommendations for Secure Use of TLS and DTLS |
RFC7413 | TCP Fast Open |
A short video is available demonstrating TCP connection re-use, pipelining, TCP Fast Open and DNS-over-TLS: DNS-over-TLS demo video
T-DNS: Connection-Oriented DNS to Improve Privacy and Security (Duane Wessels)
getdns-api implementation (Willem Toorop)
T-DNS: Connection-Oriented DNS to Improve Privacy and Security (http://www.isi.edu/publications/trpublic/files/tr-693.pdf)