{"draft":"draft-ietf-dnsop-server-cookies-05","doc_id":"RFC9018","title":"Interoperable Domain Name System (DNS) Server Cookies","authors":["O. Sury","W. Toorop","D. Eastlake 3rd","M. Andrews"],"format":["HTML","TEXT","PDF","XML"],"page_count":"16","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Domain Name System Operations","abstract":"DNS Cookies, as specified in RFC 7873, are a lightweight DNS\r\ntransaction security mechanism that provide limited protection to DNS\r\nservers and clients against a variety of denial-of-service\r\namplification, forgery, or cache-poisoning attacks by off-path\r\nattackers.\r\n\r\nThis document updates RFC 7873 with precise directions for creating\r\nServer Cookies so that an anycast server set including diverse\r\nimplementations will interoperate with standard clients, with\r\nsuggestions for constructing Client Cookies in a privacy-preserving\r\nfashion, and with suggestions on how to update a Server Secret.  An\r\nIANA registry listing the methods and associated pseudorandom\r\nfunction suitable for creating DNS Server Cookies has been created\r\nwith the method described in this document as the first and, as of\r\nthe time of publication, only entry.","pub_date":"April 2021","keywords":["Client","Hash"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC7873"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9018","errata_url":null}