Client DNS Filtering Profile Request

Document Type Expired Internet-Draft (individual)
Author Wes Hardaker 
Last updated 2020-03-30 (latest revision 2019-09-27)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document defines a mechanism under which a client can request that an upstream recursive resolver perform DNS filtering on behalf of a client-requested policy. This is may be done, for example, under a subscription model, where the client wishes not to get redirected to domains known to host malware or malicious content. This request is sent as an EDNS0 option with every DNS request, or potentially to just the first DNS request in a stream when using DNS over TLS, DNS over DTLS or DNS over DOH for example.


Wes Hardaker (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)