UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF RFC 7873

Domain Name System (DNS) Cookies

active, Most Current
Buy Now
Organization: IETF
Publication Date: 1 May 2016
Status: active
Page Count: 25
scope:

DNS Cookies are a lightweight DNS transaction security mechanism that provides limited protection to DNS servers and clients against a variety of increasingly common denial-of-service and amplification/ forgery or cache poisoning attacks by off-path attackers. DNS Cookies are tolerant of NAT, NAT-PT (Network Address Translation - Protocol Translation), and anycast and can be incrementally deployed. (Since DNS Cookies are only returned to the IP address from which they were originally received, they cannot be used to generally track Internet users.)

Document History

IETF RFC 7873
May 1, 2016
Domain Name System (DNS) Cookies
DNS Cookies are a lightweight DNS transaction security mechanism that provides limited protection to DNS servers and clients against a variety of increasingly common denial-of-service and...

References

This document references:
RFC 1035 - Domain Names - Implementation and Specification
Published by IETF on November 1, 1987
A description is not available for this item.
This document references:
IETF RFC 2930 - Secret Key Establishment for DNS (TKEY RR)
Published by IETF on September 1, 2000
[RFC 2845] provides a means of authenticating Domain Name System (DNS) queries and responses using shared secret keys via the Transaction Signature (TSIG) resource record (RR). However, it provides...
This document references:
IETF RFC 2931 - DNS Request and Transaction Signatures ( SIG(0)s )
Published by IETF on September 1, 2000
Extensions to the Domain Name System (DNS) are described in [RFC 2535] that can provide data origin and transaction integrity and authentication to security aware resolvers and applications through...
This document is referenced by:
RFC 9250 - DNS over Dedicated QUIC Connections
Published by IETF on May 1, 2022
Abstract This document describes the use of QUIC to provide transport confidentiality for DNS. The encryption provided by QUIC has similar properties to those provided by TLS, while QUIC transport...
This document is referenced by:
RFC 9520 - Negative Caching of DNS Resolution Failures
Published by IETF on December 1, 2023
In the DNS, resolvers employ caching to reduce both latency for end users and load on authoritative name servers. The process of resolution may result in one of three types of responses: (1) a...
This document is superseded by:
IETF RFC 9018 - Interoperable Domain Name System (DNS) Server Cookies
Published by IETF on April 1, 2021
Abstract DNS Cookies, as specified in RFC 7873, are a lightweight DNS transaction security mechanism that provide limited protection to DNS servers and clients against a variety of denial-of-service...
This document is superseded by:
IETF RFC 9018 - Interoperable Domain Name System (DNS) Server Cookies
Published by IETF on April 1, 2021
Abstract DNS Cookies, as specified in RFC 7873, are a lightweight DNS transaction security mechanism that provide limited protection to DNS servers and clients against a variety of denial-of-service...
View Less
View All
Advertisement