DNS Privacy
Links
DNS Privacy Project homepage
DPRIVE
getdns
NLnet Labs
Sinodun
Relevant Internet Drafts and RFCs
* At least one author associated with this project
DPRIVE
| RFC7626 | DNS Privacy Considerations | This document describes the privacy issues associated with the use of the DNS by Internet users. It is intended to be an analysis of the present situation and does not prescribe solutions. |
| draft-ietf-dprive-dns-over-tls | Specification for DNS over TLS* | This document describes the use of TLS to provide privacy for DNS. |
| draft-ietf-dprive-dtls-and-tls-profiles | Authentication and (D)TLS Profile for DNS-over-TLS and DNS-over-DTLS* | This document describes how a DNS client can use a domain name to authenticate a DNS server that uses Transport Layer Security (TLS) and Datagram TLS (DTLS). Additionally, it defines (D)TLS profiles for DNS clients and servers implementing DNS-over-TLS and DNS-over- DTLS |
DNSOP
| draft-ietf-dnsop-5966bis | DNS Transport over TCP - Implementation Requirements* | This document specifies the requirement for support of TCP as a transport protocol for DNS implementations and provides guidelines towards DNS-over-TCP performance on par with that of DNS-over-UDP. |
| draft-ietf-dnsop-edns-tcp-keepalive | The edns-tcp-keepalive EDNS0 Option* | This document defines an EDNS0 option ("edns-tcp-keepalive") that allows DNS clients and servers to signal their respective readiness to conduct multiple DNS transactions over individual TCP sessions. |
Other
| RFC5246 | The Transport Layer Security (TLS) Protocol |
| RFC7525 | Recommendations for Secure Use of TLS and DTLS |
| RFC7413 | TCP Fastopen |
Presentations
A short video is available demonstrating TCP connection re-use, pipelining, TCP Fast Open and DNS-over-TLS: DNS-over-TLS demo video
- DNS-OARC Fall workshop 2015:
- Using TLS for DNS Privacy in practice (Sara Dickinson)
- IETF 91:
- DNS over TCP and TLS - draft-hzhwm-dprive-start-tls-for-dns-00 (John Heidermann, Sara Dickinson)
- IETF 89:
T-DNS: Connection-Oriented DNS to Improve Privacy and Security (Duane Wessels)
- DNS-OARC Spring workshop 2014:
- T-DNS: Connection-Oriented DNS to Improve Privacy and Security (John Heidemann)
getdns-api implementation (Willen Toorop)
getdns API
- getdns API homepage (http://getdnsapi.net/about.html)
- Description of the getdns API (http://www.vpnc.org/getdns-api/)
Technical reports
T-DNS: Connection-Oriented DNS to Improve Privacy and Security (http://www.isi.edu/publications/trpublic/files/tr-693.pdf)
- http://googlecode.blogspot.co.uk/2012/01/lets-make-tcp-faster.html
Example code
- ANT project software for DNS analysis and privacy http://isi.edu/ant/software/
Overview
Content Tools