How to send DNS over anything encrypted.

Today, nearly all DNS queries are sent unencrypted. This makes DNS vulnerable to eavesdropping by anyone with access to the network.

The DNS-Privacy group (DPRIVE) inside the Internet Engineering Task Force (IETF), as well as a number of dedicated people outside the IETF, is working on new transport protocols that encrypt DNS traffic between DNS clients and resolvers. Current developments include:

  • DNS over TLS (RFC 7858)
  • DNS over DTLS (RFC 8094)
  • DNS over HTTP(S) (Internet-Draft)
  • DNS over QUIC (Internet-Draft)
  • DNS over DNSCrypt (outside IETF)
  • DNS over Tor (outside IETF)

In this webinar we explain the protocols currently available or under discussion inside and outside the IETF, and offer some example configurations showing how these new privacy protocols can be used today.