Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

This site is mainly focussed on following the development and deployment of DNS-over-TLS (DOT) and DNS-over-HTTPS (DOH) as the leading solutions for DNS Privacy because DOT is the only protocol currently standardized by the IETF and DOH is expected to be a standard shortly (as of May 2018).

Some history and background on other alternatives are outlined below and we intend to follow other solutions as they evolve.

Table of Contents

DNS-over-TLS (

...

DoT)

RFC7858 specified DNS-over-TLS as a Standards Track protocol in May 2016. There is active work in this area.

...

One issue with DNS-over-DTLS is that it must still truncate DNS responses if the response size it too large (just as UDP does) and so it cannot be a standalone solution for privacy without a fallback mechanism (such as DNS-over-TLS) also being available.

DNS-over-HTTP (

...

DoH)

The IETF created a new DOH  DoH working group in Sept 2017 to look at how DNS messages could be sent over an existing HTTP/2 connection. It is in the very early stages but one advantage of this approach would be to intermingle DNS and HTTP traffic on the same connection and make blocking of encrypted DNS harder. As of May As of Sept 2018 the draft https://datatracker.ietf.org/doc/draft-ietf-doh-dns-over-https/ is in WGLC in the RFC editor queue and there are several experimental implementations and deployments.  It is in the very early stages but one advantage of this approach would be to intermingle DNS and HTTP traffic on the same connection and make blocking of encrypted DNS harder.It should be noted that this draft addresses almost purely protocol issues and a follow up document on discovery and operational usage is expected. 

...