Recommendations for DNS Privacy Service Operators
RFC 8932

Document Type RFC - Best Current Practice (October 2020; No errata)
Also known as BCP 232
Authors Sara Dickinson, Benno Overeinder, Roland van Rijswijk-Deij, Allison Mankin
Last updated 2020-10-23
Replaces draft-dickinson-dprive-bcp-op
Stream Internet Engineering Task Force (IETF)
Stream WG state Submitted to IESG for Publication
Document shepherd Tim Wicinski
Shepherd write-up (last changed 2019-11-17)
IESG IESG state RFC 8932 (Best Current Practice)
Consensus Boilerplate Yes
Responsible AD Éric Vyncke
Send notices to Tim Wicinski
IANA IANA review state IANA OK - No Actions Needed
IANA action state No IANA Actions

Internet Engineering Task Force (IETF)                      S. Dickinson
Request for Comments: 8932                                    Sinodun IT
BCP: 232                                                   B. Overeinder
Category: Best Current Practice                     R. van Rijswijk-Deij
ISSN: 2070-1721                                               NLnet Labs
                                                               A. Mankin
                                                            October 2020

           Recommendations for DNS Privacy Service Operators


   This document presents operational, policy, and security
   considerations for DNS recursive resolver operators who choose to
   offer DNS privacy services.  With these recommendations, the operator
   can make deliberate decisions regarding which services to provide, as
   well as understanding how those decisions and the alternatives impact
   the privacy of users.

   This document also presents a non-normative framework to assist
   writers of a Recursive operator Privacy Statement, analogous to DNS
   Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements
   described in RFC 6841.

Status of This Memo

   This memo documents an Internet Best Current Practice.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   BCPs is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Scope
   3.  Privacy-Related Documents
   4.  Terminology
   5.  Recommendations for DNS Privacy Services
     5.1.  On the Wire between Client and Server
       5.1.1.  Transport Recommendations
       5.1.2.  Authentication of DNS Privacy Services
       5.1.3.  Protocol Recommendations
       5.1.4.  DNSSEC
       5.1.5.  Availability
       5.1.6.  Service Options
       5.1.7.  Impact of Encryption on Monitoring by DNS Privacy
               Service Operators
       5.1.8.  Limitations of Fronting a DNS Privacy Service with a
               Pure TLS Proxy
     5.2.  Data at Rest on the Server
       5.2.1.  Data Handling
       5.2.2.  Data Minimization of Network Traffic
       5.2.3.  IP Address Pseudonymization and Anonymization Methods
       5.2.4.  Pseudonymization, Anonymization, or Discarding of Other
               Correlation Data
       5.2.5.  Cache Snooping
     5.3.  Data Sent Onwards from the Server
       5.3.1.  Protocol Recommendations
       5.3.2.  Client Query Obfuscation
       5.3.3.  Data Sharing
   6.  Recursive Operator Privacy Statement (RPS)
     6.1.  Outline of an RPS
       6.1.1.  Policy
       6.1.2.  Practice
     6.2.  Enforcement/Accountability
   7.  IANA Considerations
   8.  Security Considerations
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Appendix A.  Documents
     A.1.  Potential Increases in DNS Privacy
     A.2.  Potential Decreases in DNS Privacy
     A.3.  Related Operational Documents
   Appendix B.  IP Address Techniques
     B.1.  Categorization of Techniques
     B.2.  Specific Techniques
       B.2.1.  Google Analytics Non-Prefix Filtering
       B.2.2.  dnswasher
       B.2.3.  Prefix-Preserving Map
       B.2.4.  Cryptographic Prefix-Preserving Pseudonymization
       B.2.5.  Top-Hash Subtree-Replicated Anonymization
       B.2.6.  ipcipher
       B.2.7.  Bloom Filters
   Appendix C.  Current Policy and Privacy Statements
   Appendix D.  Example RPS
     D.1.  Policy
     D.2.  Practice
   Authors' Addresses

1.  Introduction

   The Domain Name System (DNS) is at the core of the Internet; almost
   every activity on the Internet starts with a DNS query (and often
   several).  However, the DNS was not originally designed with strong
   security or privacy mechanisms.  A number of developments have taken
   place in recent years that aim to increase the privacy of the DNS,