Relevant Internet Drafts and RFCs
DPRIVE - see the DPRIVE document website
draft-ietf-dprive-bcp-op-00 | Recommendations for DNS Privacy Service Operators | Describes Best Current Practices for operators of DoT and DoH servers in terms of protocol, service and privacy policy considerations. |
RFC7626 | DNS Privacy Considerations | This document describes the privacy issues associated with the use |
RFC7858 | Specification for DNS over TLS | This document describes the use of TLS to provide privacy for DNS. |
RFC7830 | The EDNS(0) Padding Option | This document specifies the EDNS(0) 'Padding' option, which allows |
RFC8467 | Padding Policy for EDNS(0) | Specifies the preferred algorithm for padding with the option defined in RFC7830 |
RFC8310 | Usage Profiles for DNS over TLS and DNS over DTLS | This document describes how a DNS client can use a domain name to authenticate a DNS server that uses Transport Layer Security (TLS) and Datagram TLS (DTLS). Additionally, it defines (D)TLS profiles for DNS clients and servers implementing DNS-over-TLS and DNS-over-DTLS |
RFC8094 | Specification for DNS over Datagram Transport Layer Security (DTLS) | |
draft-ietf-dprive-eval | Evaluation of Privacy for DNS Private Exchange (expired) | This document describes methods for measuring the |
DNSOP
RFC7766 | DNS Transport over TCP - Implementation Requirements | This document specifies the requirement for support of TCP as a transport |
RFC7816 | DNS Query Name Minimisation to Improve Privacy | |
RFC7828 | The edns-tcp-keepalive EDNS0 Option | This document defines an EDNS0 option ("edns-tcp-keepalive") that allows DNS clients and servers to signal their respective readiness to conduct multiple DNS transactions over individual TCP sessions. |
DOH
RFC8484 | DNS Queries over HTTPS (DoH) | Document describing the protocol aspects of running DNS over HTTPS. |
Other
RFC5246 | The Transport Layer Security (TLS) Protocol |
RFC7525 | Recommendations for Secure Use of TLS and DTLS |
RFC7413 | TCP Fast Open |
Selection of Presentations
Also see the DNS Privacy Workshop pages!
- OARC 29
- RIPE 77
- It's DNS Jim, But Not as We Know It - Slides, Video
- DNS Privacy measurements (Benchmarking DoT) - Slides, Video
- ICANN DNS Symposium 2018
- RIPE 76
- Measurements on DNS Privacy (DNS-over-TCP and TLS benchmarking)
- BCOP WG - DNS Privacy PCP
- Dude, where's my DNS? (subtitle 'DNS-over-HTTPS is coming!')
- FOSDEM 2018
- OARC 27
- JCSA 2017
- IETF 99 EDU Privacy Tutorial
- DNS Privacy Tutorial (Sara Dickinson, Daniel Kahn Gillmor)
- RIPE 72
- DNS Privacy Public Resolver discussion (Sara Dickinson)
- IETF 94:
- DNS-over-TLS draft update (D. Wessels, S. Dickinson)
- IETF 93:
- Update on 5966bis and EDNS0 keepalive (Sara Dickinson)
- DNS-OARC Fall workshop 2015:
- Using TLS for DNS Privacy in practice (Sara Dickinson)
- IETF 91:
- DNS over TCP and TLS - draft-hzhwm-dprive-start-tls-for-dns-00 (John Heidemann, Sara Dickinson)
- A short video demonstrating TCP connection re-use, pipelining, TCP Fast Open and DNS-over-TLS: DNS-over-TLS demo video
- IETF 89:
- T-DNS: Connection-Oriented DNS to Improve Privacy and Security (Duane Wessels)
- DNS-OARC Spring workshop 2014:
- T-DNS: Connection-Oriented DNS to Improve Privacy and Security (John Heidemann)
- getdns-api implementation (Willem Toorop)
Technical reports
- T-DNS: Connection-Oriented DNS to Improve Privacy and Security (http://www.isi.edu/publications/trpublic/files/tr-693.pdf)
- http://googlecode.blogspot.co.uk/2012/01/lets-make-tcp-faster.html