Authoritative DNS-over-TLS Operational Considerations
draft-hal-adot-operational-considerations-02

Document Type Expired Internet-Draft (candidate for dprive WG)
Last updated 2020-02-14 (latest revision 2019-08-13)
Stream IETF
Intended RFC status (None)
Formats
Expired & archived
pdf htmlized bibtex
Stream WG state Call For Adoption By WG Issued
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-hal-adot-operational-considerations-02.txt

Abstract

DNS over TLS (DoT) has been gaining attention, primarily as a means of communication between stub resolvers and recursive resolvers. There have also been discussions and experiments involving the use of DoT to communicate with authoritative nameservers (Authoritative DNS over TLS or "ADoT"), including communication between recursive and authoritative resolvers. However, we have identified a number of operational concerns with ADoT that have arisen as DNS operators have begun to experiment with and prepare for deploying DoT. These operational concerns need to be addressed prior to ADoT's deployment at scale by DNS operators in order to maintain the stability and resilience of the global DNS. The document also provides some suggested next steps to advance the operator community's understanding of ADoT's operational impact.

Authors

Karl Henderson (khenderson@verisign.com)
Tim April (ietf@tapril.net)
Jason Livingood (Jason_Livingood@comcast.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)