Private Octopus Inc.

427 Golfcourse Rd Friday Harbor WA 98250 U.S.A huitema@huitema.net

Salesforce

amankin@salesforce.com

Sinodun IT

Oxford Science Park Oxford OX4 4GA U.K. sara@sinodun.com

Transport Internet-Draft This document describes the use of QUIC to provide transport privacy for DNS. The encryption provided by QUIC has similar properties to that provided by TLS, while QUIC transport eliminates the head-of-line blocking issues inherent with TCP and provides more efficient error corrections than UDP. DNS over QUIC (DoQ) has privacy properties similar to DNS over TLS (DoT) specified in RFC7858, and performance characteristics similar to classic DNS over UDP.

Domain Name System (DNS) concepts are specified in . This document presents a mapping of the DNS protocol over QUIC transport . DNS over QUIC is refered here as DoQ, in line with the terminology presented in . The goals of the DoQ mapping are: Provide the same DNS privacy protection as DNS over TLS (DoT) . This includes an option for the client to authenticate the server by means of an authentication domain name . Provide an improved level of source address validation for DNS servers compared to classic DNS over UDP . Provide a transport that is not constrained by path MTU limitations on the size of DNS responses it can send. Explore the potential performance gains of using QUIC as a DNS transport, versus other solutions like DNS over UDP (DNS/UDP) or DoT . In order to achieve these goals, the focus of this document is limited to the "stub to recursive resolver" scenario also addressed by . That is, the protocol described here works for queries and responses between stub clients and recursive servers. The specific non-goals of this document are: No attempt is made to support zone transfers , as these are not relevant to the stub to recursive resolver scenario. No attempt is made to evade potential blocking of DNS/QUIC traffic by middleboxes. Users interested in zone transfers should continue using TCP based solutions and will also want to take note of work in progress to encrypt zone transfers using DoT . Users interested in evading middleboxes should consider using solutions like DNS/HTTPS . Specifying the transmission of an application over QUIC requires specifying how the application's messages are mapped to QUIC streams, and generally how the application will use QUIC. This is done for HTTP in . The purpose of this document is to define the way DNS messages can be transmitted over QUIC. In this document, presents the reasoning that guided the proposed design. specifies the actual mapping of DoQ. presents guidelines on the implementation, usage and deployment of DoQ.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in .

This section and its subsection present the design guidelines that were used for DoQ. This section is informative in nature.

Usage scenarios for the DNS protocol can be broadly classified in three groups: stub to recursive resolver, recursive resolver to authoritative server, and server to server. This design focuses only on the "stub to recursive resolver" scenario following the approach taken in and . QUESTION: Should this document specify any aspects of configuration of discoverability differently to DoT? No attempt is made to address the recursive to authoritative scenarios. Authoritative resolvers are discovered dynamically through NS records. It is noted that at the time of writing work is ongoing in the DPRIVE working group to attempt to address the analogous problem for DoT . In the absence of an agreed way for authoritative to signal support for QUIC transport, recursive resolvers would have to resort to some trial and error process. At this stage of QUIC deployment, this would be mostly errors, and does not seem attractive. This could change in the future. The DNS protocol is also used for zone transfers. In the zone transfer scenario , the client emits a single AXFR query, and the server responds with a series of AXFR responses. This creates a unique profile, in which a query results in several responses. Supporting that profile would complicate the mapping of DNS queries over QUIC streams. Zone transfers are not used in the stub to recursive scenario that is the focus here, and seem to be currently well served by using DNS over TCP. There is no attempt to support them in this proposed mapping of DNS to QUIC.

DNS privacy considerations are described in . defines how to mitigate some of these issues by transmitting DNS messages over TLS and TCP and specifies Strict and Opportunistic Usage Profiles for DoT including how stub resolvers can authenticate recursive resolvers. QUIC connection setup includes the negotiation of security parameters using TLS, as specified in , enabling encryption of the QUIC transport. Transmitting DNS messages over QUIC will provide essentially the same privacy protections as and . Further discussion on this is provided in .

QUIC is specifically designed to reduce the delay between HTTP queries and HTTP responses. This is achieved through three main components: Support for 0-RTT data during session resumption. Support for advanced error recovery procedures as specified in . Mitigation of head-of-line blocking by allowing parallel delivery of data on multiple streams. This mapping of DNS to QUIC will take advantage of these features in three ways: Optional support for sending 0-RTT data during session resumption (the security and privacy implications of this are discussed in later sections). Long-lived QUIC connections over which multiple DNS transactions are performed, generating the sustained traffic required to benefit from advanced recovery features. Fast resumption of QUIC connections to manage the disconnect-on-idle feature of QUIC without incurring retransmission time-outs. Mapping of each DNS Query/Response transaction to a separate stream, to mitigate head-of-line blocking. These considerations will be reflected in the mapping of DNS traffic to QUIC streams in .

The mapping of DNS over QUIC is defined for minimal overhead and maximum performance. This means a different traffic profile than HTTP over QUIC. This difference can be noted by firewalls and middleboxes. There may be environments in which HTTP/QUIC will be allowed, but DoQ will be disallowed and blocked by these middle boxes. It is recognized that this might be a problem, but there is currently no indication on how widespread that problem might be. The problem might be acute enough that the only realistic solution would be to communicate with independent recursive resolvers using DNS/HTTPS, or maybe DNS/HTTP/QUIC. Or the problem might be rare enough and the performance gains significant enough that the appropriate solution would be to use DoQ most of the time, and fall back to DNS/HTTPS some of the time. Measurements and experimentation will inform that decision. It may indeed turn out that the complexity and overhead concerns are negligible compared to the potential advantages of DNS/HTTPS, such as integration with web services or firewall traversal, and that DoQ does not provide sufficient performance gains to justify a new protocol. We will evaluate that once implementations are available and can be compared.

DoQ connections are established as described in . During connection establishment, DoQ support is indicated by selecting the ALPN token "dq" in the crypto handshake.

RFC Editor's Note: Please remove this section prior to publication of a final version of this document. Only implementations of the final, published RFC can identify themselves as "doq". Until such an RFC exists, implementations MUST NOT identify themselves using this string. Implementations of draft versions of the protocol MUST add the string "-" and the corresponding draft number to the identifier. For example, draft-huitema-dprive-dnsoquic-00 is identified using the string "doq-h00".

By default, a DNS server that supports DoQ MUST listen for and accept QUIC connections on the dedicated UDP port TBD (number to be defined in , unless it has mutual agreement with its clients to use a port other than TBD for DoQ. In order to use a port other than TBD, both clients and servers would need a configuration option in their software. By default, a DNS client desiring to use DoQ with a particular server MUST establish a QUIC connection to UDP port TBD on the server, unless it has mutual agreement with its server to use a port other than port TBD for DoQ. Such another port MUST NOT be port 53 or port 853. This recommendation against use of port 53 for DoQ is to avoid confusion between DoQ and DNS/UDP as specified in . Similarly, using port 853 would cause confusion between DoQ and DNS/DTLS as specified in .

The mapping of DNS traffic over QUIC streams takes advantage of the QUIC stream features detailed in Section 2 of . The stub to resolver DNS traffic follows a simple pattern in which the client sends a query, and the server provides a response. This design specifies that for each subsequent query on a QUIC connection the client MUST select the next available client-initiated bidirectional stream, in conformance with . The client MUST send the DNS query over the selected stream, and MUST indicate through the STREAM FIN mechanism that no further data will be sent on that stream. The server MUST send the response on the same stream, and MUST indicate through the STREAM FIN mechanism that no further data will be sent on that stream. Therefore, a single client initiated DNS transaction consumes a single stream. This means that the client's first query occurs on QUIC stream 0, the second on 4, and so on.

There are planned traffic patterns in which a server sends unsolicited queries to a client, such as for example PUSH messages defined in . These occur when a client subscribes to changes for a particular DNS RRset or resource record type. When a PUSH server wishes to send such updates it MUST select the next available server initiated bidirectional stream, in conformance with . The server MUST send the DNS query over the selected stream, and MUST indicate through the STREAM FIN mechanism that no further data will be sent on that stream. The client MUST send the response on the same stream, and MUST indicate through the STREAM FIN mechanism that no further data will be sent on that stream. Therefore a single server initiated DNS transaction consumes a single stream. This means that the servers's first query occurs on QUIC stream 1, the second on 5, and so on.

Stream transmission may be abandoned by either party, using the stream "reset" facility. A stream reset indicates that one party is unwilling to continue processing the transaction associated with the stream. The corresponding transaction MUST be abandoned. A Server Failure (SERVFAIL, ) SHOULD be notified to the initiator of the transaction.

Section 10 of the QUIC transport specifications specifies that connections can be closed in three ways: idle timeout immediate close stateless reset Clients and servers implementing DNS over QUIC SHOULD negotiate use of the idle timeout. Closing on idle-timeout is done without any packet exchange, which minimizes protocol overhead. This document does not recommend a specific value of the idle timer. Clients SHOULD monitor the idle time incurred on their connection to the server, defined by the time spend since the last packet from the server has been received. When a client prepares to send a new DNS query to the server, it will check whether the idle time is sufficient lower than the idle timer. If it is, the client will send the DNS query over the existing connection. If not, the client will establish a new connection and send the query over that connection. Clients MAY discard their connection to the server before the idle timeout expires. If they do that, they SHOULD close the connection explicitly, using QUIC's CONNECTION_CLOSE mechanisms, and indicating the Application reason "No Error". Clients and servers may close the connection for a variety of other reasons, indicated using QUIC's CONNECTION_CLOSE. Client and servers that send packets over a connection discarded by their peer MAY receive a stateless reset indication. If a connection fails, all queries in progress over the connection MUST be considered failed, and aServer Failure (SERVFAIL, ) SHOULD be notified to the initiator of the transaction.

A stub resolver MAY take advantage of the connection resume mechanisms supported by QUIC transport and QUIC TLS . Stub resolvers SHOULD consider potential privacy issues associated with session resume before deciding to use this mechanism. These privacy issues are detailed in . When resuming a session, a stub resolver MAY take advantage of the 0-RTT mechanism supported by QUIC. The 0-RTT mechanism MUST NOT be used to send data that is not "replayable" transactions. For example, a stub resolver MAY transmit a Query as 0-RTT, but MUST NOT transmit an Update.

For the stub to recursive resolver scenario, the authentication requirements are the same as described in and . There is no need to authenticate the client's identity in either scenario.

If the establishment of the DoQ connection fails, clients SHOULD attempt to fall back to DoT and then potentially clear text, as specified in and , depending on their privacy profile. DNS clients SHOULD remember server IP addresses that don't support DoQ, including timeouts, connection refusals, and QUIC handshake failures, and not request DoQ from them for a reasonable period (such as one hour per server). DNS clients following an out-of-band key-pinned privacy profile () MAY be more aggressive about retrying DoQ connection failures.

The QUIC transport specification defines Address Validation procedures to avoid servers being used in address amplification attacks (see section 8 of ). DoQ implementations MUST conform to this specification, which limits the worst case amplification to a factor 3. DoQ implementations SHOULD consider configuring servers to use the Address Validation using Retry Packets procedure defined in section 8.1.2 of ). This procedure imposes a 1-RTT delay for verifying the return routability of the source address of a client, similar to the DNS Cookies mechanism defined in . DoQ implementations that configure Address Validation using Retry Packets SHOULD implement the Address Validation for Future Connections procedure defined in section 8.1.3 of ). This define how servers can send NEW TOKEN frames to clients after the client address is validated, in order to avoid the 1-RTT penalty during subsequent connections by the client from the same address.

DoQ does not suffer from the same limitations on the size of queries and responses that as DNS/UDP does. Queries and Responses are sent on QUIC streams, which in theory can carry up to 2^62 bytes. However, clients or servers MAY impose a limit on the maximum size of data that they can accept over a given stream. This is controlled in QUIC by the transport parameters: initial_max_stream_data_bidi_local: when set by the client, specifies the amount of data that servers can send on a "response" stream without waiting for a MAX_STREAM_DATA frame. initial_max_stream_data_bidi_remote: when set by the server, specifies the amount of data that clients can send on a "query" stream without waiting for a MAX_STREAM_DATA frame. Clients and servers SHOULD treat these parameters as the practical maximum of queries and responses. If the EDNS parameters of a Query indicate a lower message size, servers MUST comply with that indication.

When sending queries over a QUIC connection, the DNS Message ID MUST be set to zero.

There are mechanisms specified for both padding individual DNS messages , and padding within QUIC packets (see Section 8.6 of ), which may contain multiple frames. Implementations SHOULD NOT use DNS options for padding individual DNS messages, because QUIC transport MAY transmit multiple STREAM frames containing separate DNS messages in a single QUIC packet. Instead, implementations SHOULD use QUIC PADDING frames to align the packet length to a small set of fixed sizes, aligned with the recommendations of .

provides updated guidance on DNS/TCP much of which is applicable to DoQ. This section attempts to specify how those considerations apply to DoQ.

Historic implementations of DNS stub resolvers are known to open and close TCP connections for each DNS query. To avoid excess QUIC connections, each with a single query, clients SHOULD reuse a single QUIC connection to the recursive resolver. In order to achieve performance on par with UDP, DNS clients SHOULD send their queries concurrently over the QUIC streams on a QUIC connection. That is, when a DNS client sends multiple queries to a server over a QUIC connection, it SHOULD NOT wait for an outstanding reply before sending the next query.

In order to amortize QUIC and TLS connection setup costs, clients and servers SHOULD NOT immediately close a QUIC connection after each response. Instead, clients and servers SHOULD reuse existing QUIC connections for subsequent queries as long as they have sufficient resources. In some cases, this means that clients and servers may need to keep idle connections open for some amount of time. Under normal operation DNS clients typically initiate connection closing on idle connections; however, DNS servers can close the connection if the idle timeout set by local policy is exceeded. Also, connections can be closed by either end under unusual conditions such as defending against an attack or system failure/ reboot. Clients and servers that keep idle connections open MUST be robust to termination of idle connection by either party. As with current DNS over TCP, DNS servers MAY close the connection at any time (perhaps due to resource constraints). As with current DNS/TCP, clients MUST handle abrupt closes and be prepared to reestablish connections and/or retry queries.

Proper management of established and idle connections is important to the healthy operation of a DNS server. An implementation of DoQ SHOULD follow best practices for DNS/TCP, as described in . Failure to do so may lead to resource exhaustion and denial of service. This document does not make specific recommendations for timeout values on idle connections. Clients and servers should reuse and/or close connections depending on the level of available resources. Timeouts may be longer during periods of low activity and shorter during periods of high activity. Current work in this area may also assist DoT clients and servers in selecting useful timeout values . Clients that are willing to use QUIC's 0-RTT mechanism can reestablish connections and send transactions on the new connection with minimal delay overhead. These clients MAY chose low values of the idle timer, but SHOULD NOT pick value lower than 20 seconds. Per section 10.2 of QUIC transport specification, the effective value of the idle timeout is computed as the minimum of the values advertised by the two endpoints.

Servers and Clients manage flow control as specified in QUIC. Servers MAY use the "maximum stream ID" option of the QUIC transport to limit the number of streams opened by the client. This mechanism will effectively limit the number of DNS queries that a client can send.

The security considerations of DoQ should be comparable to those of DoT .

DoQ is specifically designed to protect the DNS traffic between stub and resolver from observations by third parties, and thus protect the privacy of queries from the stub. However, the recursive resolver has full visibility of the stub's traffic, and could be used as an observation point, as discussed in . These considerations do not differ between DoT and DoQ and are not discussed further here. QUIC incorporates the mechanisms of TLS 1.3 and this enables QUIC transmission of "Zero-RTT" data. This can provide interesting latency gains, but it raises two concerns: Adversaries could replay the zero-RTT data and infer its content from the behavior of the receiving server. The zero-RTT mechanism relies on TLS resume, which can provide linkability between successive client sessions. These issues are developed in and .

The zero-RTT data can be replayed by adversaries. That data may triggers a query by a recursive resolver to an authoritative resolvers. Adversaries may be able to pick a time at which the recursive resolver outgoing traffic is observable, and thus find out what name was queried for in the 0-RTT data. This risk is in fact a subset of the general problem of observing the behavior of the recursive resolver discussed in . The attack is partially mitigated by reducing the observability of this traffic. However, the risk is amplified for 0-RTT data, because the attacker might replay it at chosen times, several times. The recommendation in is that the capability to use 0-RTT data should be turned off by default, on only enabled if the user clearly understands the associated risks. QUESTION: Should 0-RTT only be used with Opportunistic profiles (i.e. disabled by default for Strict only)?

The QUIC session resume mechanism reduces the cost of reestablishing sessions and enables zero-RTT data. There is a linkability issue associated with session resume, if the same resume token is used several times, but this risk is mitigated by the mechanisms incorporated in QUIC and in TLS 1.3. With these mechanisms, clients and servers can cooperate to avoid linkability by third parties. However, the server will always be able to link the resumed session to the initial session. This creates a virtual long duration session. The series of queries in that session can be used by the server to identify the client. Enabling the server to link client sessions through session resume is probably not a large additional risk if the client's connectivity did not change between the sessions, since the two sessions can probably be correlated by comparing the IP addresses. On the other hand, if the addresses did change, the client SHOULD consider whether the linkability risk exceeds the privacy benefits. This evaluation will obviously depend on the level of trust between stub and recursive.

Even though QUIC packets are encrypted, adversaries can gain information from observing packet lengths, in both queries and responses, as well as packet timing. Many DNS requests are emitted by web browsers. Loading a specific web page may require resolving dozen of DNS names. If an application adopts a simple mapping of one query or response per packet, or "one QUIC STREAM frame per packet", then the succession of packet lengths may provide enough information to identify the requested site. Implementations SHOULD use the mechanisms defined in to mitigate this attack.

This document creates a new registration for the identification of DoQ in the "Application Layer Protocol Negotiation (ALPN) Protocol IDs" registry established in . The "doq" string identifies DoQ: Protocol: DoQ Identification Sequence: 0x64 0x71 ("dq") Specification: This document

IANA is required to add the following value to the "Service Name and Transport Protocol Port Number Registry" in the System Range. The registry for that range requires IETF Review or IESG Approval {{?RFC6335], and such a review was requested using the early allocation process {{?RFC7120] for the well-known UDP port in this document. Since port 853 is reserved for 'DNS query-response protocol run over TLS' consideration is requested for reserving port TBD for 'DNS query-response protocol run over QUIC'.

RFC Editor's Note: Please remove this section prior to publication of a final version of this document. Early experiments MAY use port 784. This port is marked in the IANA registry as unassigned.

This document liberally borrows text from edited by Mike Bishop, and from authored by Zi Hu, Liang Zhu, John Heidemann, Allison Mankin, Duane Wessels, and Paul Hoffman. The privacy issue with 0-RTT data and session resume were analyzed by Daniel Kahn Gillmor (DKG) in a message to the IETF "DPRIV" working group . Thanks to our wide cast of supporters.

This RFC is the revised basic definition of The Domain Name System. It obsoletes RFC-882. This memo describes the domain style names and their used for host address look up and electronic mail forwarding. It discusses the clients and servers in the domain name system and the protocol used between them. This RFC is the revised specification of the protocol and format used in the implementation of the Domain Name System. It obsoletes RFC-883. This memo documents the details of the domain name client - server communication. This document defines the core of the QUIC transport protocol. Accompanying documents describe QUIC's loss detection and congestion control and the use of TLS for key negotiation. Note to Readers Discussion of this draft takes place on the QUIC working group mailing list (quic@ietf.org), which is archived at <https://mailarchive.ietf.org/arch/search/?email_list=quic>. Working Group information can be found at <https://github.com/ quicwg>; source code and issues list for this draft can be found at <https://github.com/quicwg/base-drafts/labels/-transport>. This document describes how Transport Layer Security (TLS) is used to secure QUIC. This document adds terms and abbreviations to "DNS Terminology" (RFC 8499) that relate to DNS running over various transports, as well as terms and abbreviations for DNS resolution at traditional and non- traditional locations. This document discusses usage profiles, based on one or more authentication mechanisms, which can be used for DNS over Transport Layer Security (TLS) or Datagram TLS (DTLS). These profiles can increase the privacy of DNS transactions compared to using only cleartext DNS. This document also specifies new authentication mechanisms -- it describes several ways that a DNS client can use an authentication domain name to authenticate a (D)TLS connection to a DNS server. Additionally, it defines (D)TLS protocol profiles for DNS clients and servers implementing DNS over (D)TLS. This document updates RFC 7858. RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. DNS Cookies are a lightweight DNS transaction security mechanism that provides limited protection to DNS servers and clients against a variety of increasingly common denial-of-service and amplification/ forgery or cache poisoning attacks by off-path attackers. DNS Cookies are tolerant of NAT, NAT-PT (Network Address Translation - Protocol Translation), and anycast and can be incrementally deployed. (Since DNS Cookies are only returned to the IP address from which they were originally received, they cannot be used to generally track Internet users.) This document describes a Transport Layer Security (TLS) extension for application-layer protocol negotiation within the TLS handshake. For instances in which multiple application protocols are supported on the same TCP or UDP port, this extension allows the application layer to negotiate which protocol will be used within the TLS connection. This document describes the use of Transport Layer Security (TLS) to provide privacy for DNS. Encryption provided by TLS eliminates opportunities for eavesdropping and on-path tampering with DNS queries in the network, such as discussed in RFC 7626. In addition, this document specifies two usage profiles for DNS over TLS and provides advice on performance considerations to minimize overhead from using TCP and TLS with DNS.This document focuses on securing stub-to-recursive traffic, as per the charter of the DPRIVE Working Group. It does not prevent future applications of the protocol to recursive-to-authoritative traffic. The standard means within the Domain Name System protocol for maintaining coherence among a zone's authoritative name servers consists of three mechanisms. Authoritative Transfer (AXFR) is one of the mechanisms and is defined in RFC 1034 and RFC 1035.The definition of AXFR has proven insufficient in detail, thereby forcing implementations intended to be compliant to make assumptions, impeding interoperability. Yet today we have a satisfactory set of implementations that do interoperate. This document is a new definition of AXFR -- new in the sense that it records an accurate definition of an interoperable AXFR mechanism. [STANDARDS-TRACK] DNS zone transfers are transmitted in clear text, which gives attackers the opportunity to collect the content of a zone by eavesdropping on network connections. The DNS Transaction Signature (TSIG) mechanism is specified to restrict direct zone transfer to authorized clients only, but it does not add confidentiality. This document specifies use of DNS-over-TLS to prevent zone contents collection via passive monitoring of zone transfers. This document defines a protocol for sending DNS queries and getting DNS responses over HTTPS. Each DNS query-response pair is mapped into an HTTP exchange. The QUIC transport protocol has several features that are desirable in a transport for HTTP, such as stream multiplexing, per-stream flow control, and low-latency connection establishment. This document describes a mapping of HTTP semantics over QUIC. This document also identifies HTTP/2 features that are subsumed by QUIC, and describes how HTTP/2 extensions can be ported to HTTP/3. This document provides requirements for adding confidentiality to DNS exchanges between recursive resolvers and authoritative servers. This document describes the privacy issues associated with the use of the DNS by Internet users. It is intended to be an analysis of the present situation and does not prescribe solutions. This document describes loss detection and congestion control mechanisms for QUIC. DNS queries and responses are visible to network elements on the path between the DNS client and its server. These queries and responses can contain privacy-sensitive information, which is valuable to protect.This document proposes the use of Datagram Transport Layer Security (DTLS) for DNS, to protect against passive listeners and certain active attacks. As latency is critical for DNS, this proposal also discusses mechanisms to reduce DTLS round trips and reduce the DTLS handshake size. The proposed mechanism runs over port 853. The Domain Name System (DNS) was designed to return matching records efficiently for queries for data that are relatively static. When those records change frequently, DNS is still efficient at returning the updated results when polled, as long as the polling rate is not too high. But there exists no mechanism for a client to be asynchronously notified when these changes occur. This document defines a mechanism for a client to be notified of such changes to DNS records, called DNS Push Notifications. This document specifies the EDNS(0) "Padding" option, which allows DNS clients and servers to pad request and response messages by a variable number of octets. RFC 7830 specifies the "Padding" option for Extension Mechanisms for DNS (EDNS(0)) but does not specify the actual padding length for specific applications. This memo lists the possible options ("padding policies"), discusses the implications of each option, and provides a recommended (experimental) option. This document specifies the requirement for support of TCP as a transport protocol for DNS implementations and provides guidelines towards DNS-over-TCP performance on par with that of DNS-over-UDP. This document obsoletes RFC 5966 and therefore updates RFC 1035 and RFC 1123. DNS messages between clients and servers may be received over either UDP or TCP. UDP transport involves keeping less state on a busy server, but can cause truncation and retries over TCP. Additionally, UDP can be exploited for reflection attacks. Using TCP would reduce retransmits and amplification. However, clients commonly use TCP only for retries and servers typically use idle timeouts on the order of seconds.This document defines an EDNS0 option ("edns-tcp-keepalive") that allows DNS servers to signal a variable idle timeout. This signalling encourages the use of long-lived TCP connections by allowing the state associated with TCP transport to be managed effectively with minimal impact on the DNS transaction time. This document defines a new DNS OPCODE for DNS Stateful Operations (DSO). DSO messages communicate operations within persistent stateful sessions using Type Length Value (TLV) syntax. Three TLVs are defined that manage session timeouts, termination, and encryption padding, and a framework is defined for extensions to enable new stateful operations. This document updates RFC 1035 by adding a new DNS header OPCODE that has both different message semantics and a new result code. This document updates RFC 7766 by redefining a session, providing new guidance on connection reuse, and providing a new mechanism for handling session idle timeouts. This document describes the privacy issues associated with the use of the DNS by Internet users. It is intended to be an analysis of the present situation and does not prescribe solutions. This document obsoletes RFC 7626. This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.