{"draft":"draft-ietf-dprive-dns-over-tls-09","doc_id":"RFC7858","title":"Specification for DNS over Transport Layer Security (TLS)","authors":["Z. Hu","L. Zhu","J. Heidemann","A. Mankin","D. Wessels","P. Hoffman"],"format":["ASCII","HTML"],"page_count":"19","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"DNS PRIVate Exchange","abstract":"This document describes the use of Transport Layer Security (TLS) to\r\nprovide privacy for DNS.  Encryption provided by TLS eliminates\r\nopportunities for eavesdropping and on-path tampering with DNS\r\nqueries in the network, such as discussed in RFC 7626.  In addition,\r\nthis document specifies two usage profiles for DNS over TLS and\r\nprovides advice on performance considerations to minimize overhead\r\nfrom using TCP and TLS with DNS.\r\n\r\nThis document focuses on securing stub-to-recursive traffic, as per\r\nthe charter of the DPRIVE Working Group.  It does not prevent future\r\napplications of the protocol to recursive-to-authoritative traffic.","pub_date":"May 2016","keywords":["DNS encryption","DNS privacy"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":["RFC8310"],"see_also":[],"doi":"10.17487\/RFC7858","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc7858"}