| < draft-ietf-add-ddr-05.txt | draft-ietf-add-ddr-06.txt > | |||
|---|---|---|---|---|
| ADD T. Pauly | ADD T. Pauly | |||
| Internet-Draft E. Kinnear | Internet-Draft E. Kinnear | |||
| Intended status: Standards Track Apple Inc. | Intended status: Standards Track Apple Inc. | |||
| Expires: 4 August 2022 C.A. Wood | Expires: 6 October 2022 C. A. Wood | |||
| Cloudflare | Cloudflare | |||
| P. McManus | P. McManus | |||
| Fastly | Fastly | |||
| T. Jensen | T. Jensen | |||
| Microsoft | Microsoft | |||
| 31 January 2022 | 4 April 2022 | |||
| Discovery of Designated Resolvers | Discovery of Designated Resolvers | |||
| draft-ietf-add-ddr-05 | draft-ietf-add-ddr-06 | |||
| Abstract | Abstract | |||
| This document defines Discovery of Designated Resolvers (DDR), a | This document defines Discovery of Designated Resolvers (DDR), a | |||
| mechanism for DNS clients to use DNS records to discover a resolver's | mechanism for DNS clients to use DNS records to discover a resolver's | |||
| encrypted DNS configuration. This mechanism can be used to move from | encrypted DNS configuration. This mechanism can be used to move from | |||
| unencrypted DNS to encrypted DNS when only the IP address of a | unencrypted DNS to encrypted DNS when only the IP address of a | |||
| resolver is known. This mechanism is designed to be limited to cases | resolver is known. This mechanism is designed to be limited to cases | |||
| where unencrypted resolvers and their designated resolvers are | where unencrypted resolvers and their designated resolvers are | |||
| operated by the same entity or cooperating entities. It can also be | operated by the same entity or cooperating entities. It can also be | |||
| skipping to change at page 2, line 10 ¶ | skipping to change at page 2, line 10 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on 4 August 2022. | This Internet-Draft will expire on 6 October 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2022 IETF Trust and the persons identified as the | Copyright (c) 2022 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 2, line 41 ¶ | skipping to change at page 2, line 41 ¶ | |||
| 3. DNS Service Binding Records . . . . . . . . . . . . . . . . . 4 | 3. DNS Service Binding Records . . . . . . . . . . . . . . . . . 4 | |||
| 4. Discovery Using Resolver IP Addresses . . . . . . . . . . . . 5 | 4. Discovery Using Resolver IP Addresses . . . . . . . . . . . . 5 | |||
| 4.1. Use of Designated Resolvers . . . . . . . . . . . . . . . 6 | 4.1. Use of Designated Resolvers . . . . . . . . . . . . . . . 6 | |||
| 4.2. Verified Discovery . . . . . . . . . . . . . . . . . . . 7 | 4.2. Verified Discovery . . . . . . . . . . . . . . . . . . . 7 | |||
| 4.3. Opportunistic Discovery . . . . . . . . . . . . . . . . . 8 | 4.3. Opportunistic Discovery . . . . . . . . . . . . . . . . . 8 | |||
| 5. Discovery Using Resolver Names . . . . . . . . . . . . . . . 8 | 5. Discovery Using Resolver Names . . . . . . . . . . . . . . . 8 | |||
| 6. Deployment Considerations . . . . . . . . . . . . . . . . . . 9 | 6. Deployment Considerations . . . . . . . . . . . . . . . . . . 9 | |||
| 6.1. Caching Forwarders . . . . . . . . . . . . . . . . . . . 9 | 6.1. Caching Forwarders . . . . . . . . . . . . . . . . . . . 9 | |||
| 6.2. Certificate Management . . . . . . . . . . . . . . . . . 10 | 6.2. Certificate Management . . . . . . . . . . . . . . . . . 10 | |||
| 6.3. Server Name Handling . . . . . . . . . . . . . . . . . . 10 | 6.3. Server Name Handling . . . . . . . . . . . . . . . . . . 10 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10 | 6.4. Handling non-DDR queries for resolver.arpa . . . . . . . 10 | |||
| 6.5. Interaction with Network-Designated Resolvers . . . . . . 10 | ||||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 11 | ||||
| 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 | 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 8.1. Special Use Domain Name "resolver.arpa" . . . . . . . . . 11 | 8.1. Special Use Domain Name "resolver.arpa" . . . . . . . . . 12 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . 11 | 9.1. Normative References . . . . . . . . . . . . . . . . . . 12 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . 12 | 9.2. Informative References . . . . . . . . . . . . . . . . . 13 | |||
| Appendix A. Rationale for using SVCB records . . . . . . . . . . 13 | Appendix A. Rationale for using SVCB records . . . . . . . . . . 15 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 1. Introduction | 1. Introduction | |||
| When DNS clients wish to use encrypted DNS protocols such as DNS- | When DNS clients wish to use encrypted DNS protocols such as DNS- | |||
| over-TLS (DoT) [RFC7858] or DNS-over-HTTPS (DoH) [RFC8484], they | over-TLS (DoT) [RFC7858] or DNS-over-HTTPS (DoH) [RFC8484], they | |||
| require additional information beyond the IP address of the DNS | require additional information beyond the IP address of the DNS | |||
| server, such as the resolver's hostname, non-standard ports, or URL | server, such as the resolver's hostname, non-standard ports, or URL | |||
| paths. However, common configuration mechanisms only provide the | paths. However, common configuration mechanisms only provide the | |||
| resolver's IP address during configuration. Such mechanisms include | resolver's IP address during configuration. Such mechanisms include | |||
| network provisioning protocols like DHCP [RFC2132] and IPv6 Router | network provisioning protocols like DHCP [RFC2132] and IPv6 Router | |||
| skipping to change at page 10, line 26 ¶ | skipping to change at page 10, line 26 ¶ | |||
| connections, or in the URI host for DoH requests. | connections, or in the URI host for DoH requests. | |||
| When performing discovery using resolver IP addresses, clients MUST | When performing discovery using resolver IP addresses, clients MUST | |||
| use the IP address as the URI host for DoH requests. | use the IP address as the URI host for DoH requests. | |||
| Note that since IP addresses are not supported by default in the TLS | Note that since IP addresses are not supported by default in the TLS | |||
| SNI, resolvers that support discovery using IP addresses will need to | SNI, resolvers that support discovery using IP addresses will need to | |||
| be configured to present the appropriate TLS certificate when no SNI | be configured to present the appropriate TLS certificate when no SNI | |||
| is present for both DoT and DoH. | is present for both DoT and DoH. | |||
| 6.4. Handling non-DDR queries for resolver.arpa | ||||
| DNS resolvers that support DDR by responding to queries for | ||||
| _dns.resolver.arpa SHOULD treat resolver.arpa as a locally served | ||||
| zone per [RFC6303]. In practice, this means that resolvers SHOULD | ||||
| respond to queries of any type other than SVCB for _dns.resolver.arpa | ||||
| with NODATA and queries of any type for any domain name under | ||||
| resolver.arpa with NODATA. | ||||
| 6.5. Interaction with Network-Designated Resolvers | ||||
| Discovery of network-designated resolvers (DNR, [I-D.ietf-add-dnr]) | ||||
| allows a network to provide designation of resolvers directly through | ||||
| DHCP [RFC2132] [RFC8415] and IPv6 Router Advertisement (RA) [RFC4861] | ||||
| options. When such indications are present, clients can suppress | ||||
| queries for "resolver.arpa" to the unencrypted DNS server indicated | ||||
| by the network over DHCP or RAs, and the DNR indications SHOULD take | ||||
| precedence over those discovered using "resolver.arpa" for the same | ||||
| resolver if there is a conflict. | ||||
| The designated resolver information in DNR might not contain a full | ||||
| set of SvcParams needed to connect to an encrypted resolver. In such | ||||
| a case, the client can use an SVCB query using a resolver name, as | ||||
| described in Section 5, to the authentication-domain-name (ADN). | ||||
| 7. Security Considerations | 7. Security Considerations | |||
| Since clients can receive DNS SVCB answers over unencrypted DNS, on- | Since clients can receive DNS SVCB answers over unencrypted DNS, on- | |||
| path attackers can prevent successful discovery by dropping SVCB | path attackers can prevent successful discovery by dropping SVCB | |||
| packets. Clients should be aware that it might not be possible to | packets. Clients should be aware that it might not be possible to | |||
| distinguish between resolvers that do not have any Designated | distinguish between resolvers that do not have any Designated | |||
| Resolver and such an active attack. To limit the impact of discovery | Resolver and such an active attack. To limit the impact of discovery | |||
| queries being dropped either maliciously or unintentionally, clients | queries being dropped either maliciously or unintentionally, clients | |||
| can re-send their SVCB queries periodically. | can re-send their SVCB queries periodically. | |||
| skipping to change at page 11, line 24 ¶ | skipping to change at page 12, line 4 ¶ | |||
| The constraints on the use of Designated Resolvers specified here | The constraints on the use of Designated Resolvers specified here | |||
| apply specifically to the automatic discovery mechanisms defined in | apply specifically to the automatic discovery mechanisms defined in | |||
| this document, which are referred to as Verified Discovery and | this document, which are referred to as Verified Discovery and | |||
| Opportunistic Discovery. Clients MAY use some other mechanism to | Opportunistic Discovery. Clients MAY use some other mechanism to | |||
| verify and use Designated Resolvers discovered using the DNS SVCB | verify and use Designated Resolvers discovered using the DNS SVCB | |||
| record. However, use of such an alternate mechanism needs to take | record. However, use of such an alternate mechanism needs to take | |||
| into account the attack scenarios detailed here. | into account the attack scenarios detailed here. | |||
| 8. IANA Considerations | 8. IANA Considerations | |||
| 8.1. Special Use Domain Name "resolver.arpa" | 8.1. Special Use Domain Name "resolver.arpa" | |||
| This document calls for the addition of "resolver.arpa" to the | This document calls for the addition of "resolver.arpa" to the | |||
| Special-Use Domain Names (SUDN) registry established by [RFC6761]. | Special-Use Domain Names (SUDN) registry established by [RFC6761]. | |||
| This will allow resolvers to respond to queries directed at | This will allow resolvers to respond to queries directed at | |||
| themselves rather than a specific domain name. While this document | themselves rather than a specific domain name. While this document | |||
| uses "resolver.arpa" to return SVCB records indicating designated | uses "resolver.arpa" to return SVCB records indicating designated | |||
| encrypted capability, the name is generic enough to allow future | encrypted capability, the name is generic enough to allow future | |||
| reuse for other purposes where the resolver wishes to provide | reuse for other purposes where the resolver wishes to provide | |||
| information about itself to the client. | information about itself to the client. | |||
| The "resolver.arpa" SUDN is similar to "ipv4only.arpa" in that the | The "resolver.arpa" SUDN is similar to "ipv4only.arpa" in that the | |||
| querying client is not interested in an answer from the authoritative | querying client is not interested in an answer from the authoritative | |||
| "arpa" name servers. The intent of the SUDN is to allow clients to | "arpa" name servers. The intent of the SUDN is to allow clients to | |||
| communicate with the Unencrypted Resolver much like "ipv4only.arpa" | communicate with the Unencrypted Resolver much like "ipv4only.arpa" | |||
| allows for client-to-middlebox communication. For more context, see | allows for client-to-middlebox communication. For more context, see | |||
| the rationale behind "ipv4only.arpa" in [RFC8880]. | the rationale behind "ipv4only.arpa" in [RFC8880]. | |||
| IANA is requested to add an entry in "Transport-Independent Locally- | ||||
| Served DNS Zones" registry for 'resolver.arpa.' with the description | ||||
| "DNS Resolver Special-Use Domain", listing this document as the | ||||
| reference. | ||||
| 9. References | 9. References | |||
| 9.1. Normative References | 9.1. Normative References | |||
| [I-D.ietf-add-svcb-dns] | [I-D.ietf-add-svcb-dns] | |||
| Schwartz, B., "Service Binding Mapping for DNS Servers", | Schwartz, B., "Service Binding Mapping for DNS Servers", | |||
| Work in Progress, Internet-Draft, draft-ietf-add-svcb-dns- | Work in Progress, Internet-Draft, draft-ietf-add-svcb-dns- | |||
| 01, 21 October 2021, | 02, 1 February 2022, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-add- | <https://datatracker.ietf.org/doc/html/draft-ietf-add- | |||
| svcb-dns-01>. | svcb-dns-02>. | |||
| [I-D.ietf-dnsop-svcb-https] | [I-D.ietf-dnsop-svcb-https] | |||
| Schwartz, B., Bishop, M., and E. Nygren, "Service binding | Schwartz, B., Bishop, M., and E. Nygren, "Service binding | |||
| and parameter specification via the DNS (DNS SVCB and | and parameter specification via the DNS (DNS SVCB and | |||
| HTTPS RRs)", Work in Progress, Internet-Draft, draft-ietf- | HTTPS RRs)", Work in Progress, Internet-Draft, draft-ietf- | |||
| dnsop-svcb-https-08, 12 October 2021, | dnsop-svcb-https-08, 12 October 2021, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-dnsop- | <https://datatracker.ietf.org/doc/html/draft-ietf-dnsop- | |||
| svcb-https-08>. | svcb-https-08>. | |||
| [RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G. | [RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G. | |||
| J., and E. Lear, "Address Allocation for Private | J., and E. Lear, "Address Allocation for Private | |||
| Internets", BCP 5, RFC 1918, DOI 10.17487/RFC1918, | Internets", BCP 5, RFC 1918, DOI 10.17487/RFC1918, | |||
| February 1996, <https://www.rfc-editor.org/rfc/rfc1918>. | February 1996, <https://www.rfc-editor.org/rfc/rfc1918>. | |||
| [RFC6303] Andrews, M., "Locally Served DNS Zones", BCP 163, | ||||
| RFC 6303, DOI 10.17487/RFC6303, July 2011, | ||||
| <https://www.rfc-editor.org/rfc/rfc6303>. | ||||
| [RFC6761] Cheshire, S. and M. Krochmal, "Special-Use Domain Names", | [RFC6761] Cheshire, S. and M. Krochmal, "Special-Use Domain Names", | |||
| RFC 6761, DOI 10.17487/RFC6761, February 2013, | RFC 6761, DOI 10.17487/RFC6761, February 2013, | |||
| <https://www.rfc-editor.org/rfc/rfc6761>. | <https://www.rfc-editor.org/rfc/rfc6761>. | |||
| [RFC7858] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D., | [RFC7858] Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D., | |||
| and P. Hoffman, "Specification for DNS over Transport | and P. Hoffman, "Specification for DNS over Transport | |||
| Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May | Layer Security (TLS)", RFC 7858, DOI 10.17487/RFC7858, May | |||
| 2016, <https://www.rfc-editor.org/rfc/rfc7858>. | 2016, <https://www.rfc-editor.org/rfc/rfc7858>. | |||
| [RFC8484] Hoffman, P. and P. McManus, "DNS Queries over HTTPS | [RFC8484] Hoffman, P. and P. McManus, "DNS Queries over HTTPS | |||
| (DoH)", RFC 8484, DOI 10.17487/RFC8484, October 2018, | (DoH)", RFC 8484, DOI 10.17487/RFC8484, October 2018, | |||
| <https://www.rfc-editor.org/rfc/rfc8484>. | <https://www.rfc-editor.org/rfc/rfc8484>. | |||
| 9.2. Informative References | 9.2. Informative References | |||
| [I-D.ietf-add-dnr] | ||||
| Boucadair, M., Reddy, T., Wing, D., Cook, N., and T. | ||||
| Jensen, "DHCP and Router Advertisement Options for the | ||||
| Discovery of Network-designated Resolvers (DNR)", Work in | ||||
| Progress, Internet-Draft, draft-ietf-add-dnr-06, 22 March | ||||
| 2022, <https://datatracker.ietf.org/doc/html/draft-ietf- | ||||
| add-dnr-06>. | ||||
| [I-D.ietf-tls-esni] | [I-D.ietf-tls-esni] | |||
| Rescorla, E., Oku, K., Sullivan, N., and C. A. Wood, "TLS | Rescorla, E., Oku, K., Sullivan, N., and C. A. Wood, "TLS | |||
| Encrypted Client Hello", Work in Progress, Internet-Draft, | Encrypted Client Hello", Work in Progress, Internet-Draft, | |||
| draft-ietf-tls-esni-13, 12 August 2021, | draft-ietf-tls-esni-14, 13 February 2022, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-tls- | <https://datatracker.ietf.org/doc/html/draft-ietf-tls- | |||
| esni-13>. | esni-14>. | |||
| [I-D.schinazi-httpbis-doh-preference-hints] | [I-D.schinazi-httpbis-doh-preference-hints] | |||
| Schinazi, D., Sullivan, N., and J. Kipp, "DoH Preference | Schinazi, D., Sullivan, N., and J. Kipp, "DoH Preference | |||
| Hints for HTTP", Work in Progress, Internet-Draft, draft- | Hints for HTTP", Work in Progress, Internet-Draft, draft- | |||
| schinazi-httpbis-doh-preference-hints-02, 13 July 2020, | schinazi-httpbis-doh-preference-hints-02, 13 July 2020, | |||
| <https://datatracker.ietf.org/doc/html/draft-schinazi- | <https://datatracker.ietf.org/doc/html/draft-schinazi- | |||
| httpbis-doh-preference-hints-02>. | httpbis-doh-preference-hints-02>. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/rfc/rfc2119>. | <https://www.rfc-editor.org/rfc/rfc2119>. | |||
| [RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor | [RFC2132] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor | |||
| Extensions", RFC 2132, DOI 10.17487/RFC2132, March 1997, | Extensions", RFC 2132, DOI 10.17487/RFC2132, March 1997, | |||
| <https://www.rfc-editor.org/rfc/rfc2132>. | <https://www.rfc-editor.org/rfc/rfc2132>. | |||
| [RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman, | ||||
| "Neighbor Discovery for IP version 6 (IPv6)", RFC 4861, | ||||
| DOI 10.17487/RFC4861, September 2007, | ||||
| <https://www.rfc-editor.org/rfc/rfc4861>. | ||||
| [RFC5507] IAB, Faltstrom, P., Ed., Austein, R., Ed., and P. Koch, | [RFC5507] IAB, Faltstrom, P., Ed., Austein, R., Ed., and P. Koch, | |||
| Ed., "Design Choices When Expanding the DNS", RFC 5507, | Ed., "Design Choices When Expanding the DNS", RFC 5507, | |||
| DOI 10.17487/RFC5507, April 2009, | DOI 10.17487/RFC5507, April 2009, | |||
| <https://www.rfc-editor.org/rfc/rfc5507>. | <https://www.rfc-editor.org/rfc/rfc5507>. | |||
| [RFC6105] Levy-Abegnoli, E., Van de Velde, G., Popoviciu, C., and J. | [RFC6105] Levy-Abegnoli, E., Van de Velde, G., Popoviciu, C., and J. | |||
| Mohacsi, "IPv6 Router Advertisement Guard", RFC 6105, | Mohacsi, "IPv6 Router Advertisement Guard", RFC 6105, | |||
| DOI 10.17487/RFC6105, February 2011, | DOI 10.17487/RFC6105, February 2011, | |||
| <https://www.rfc-editor.org/rfc/rfc6105>. | <https://www.rfc-editor.org/rfc/rfc6105>. | |||
| [RFC8106] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli, | [RFC8106] Jeong, J., Park, S., Beloeil, L., and S. Madanapalli, | |||
| "IPv6 Router Advertisement Options for DNS Configuration", | "IPv6 Router Advertisement Options for DNS Configuration", | |||
| RFC 8106, DOI 10.17487/RFC8106, March 2017, | RFC 8106, DOI 10.17487/RFC8106, March 2017, | |||
| <https://www.rfc-editor.org/rfc/rfc8106>. | <https://www.rfc-editor.org/rfc/rfc8106>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/rfc/rfc8174>. | May 2017, <https://www.rfc-editor.org/rfc/rfc8174>. | |||
| [RFC8415] Mrugalski, T., Siodelski, M., Volz, B., Yourtchenko, A., | ||||
| Richardson, M., Jiang, S., Lemon, T., and T. Winters, | ||||
| "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", | ||||
| RFC 8415, DOI 10.17487/RFC8415, November 2018, | ||||
| <https://www.rfc-editor.org/rfc/rfc8415>. | ||||
| [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol | |||
| Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, | |||
| <https://www.rfc-editor.org/rfc/rfc8446>. | <https://www.rfc-editor.org/rfc/rfc8446>. | |||
| [RFC8880] Cheshire, S. and D. Schinazi, "Special Use Domain Name | [RFC8880] Cheshire, S. and D. Schinazi, "Special Use Domain Name | |||
| 'ipv4only.arpa'", RFC 8880, DOI 10.17487/RFC8880, August | 'ipv4only.arpa'", RFC 8880, DOI 10.17487/RFC8880, August | |||
| 2020, <https://www.rfc-editor.org/rfc/rfc8880>. | 2020, <https://www.rfc-editor.org/rfc/rfc8880>. | |||
| Appendix A. Rationale for using SVCB records | Appendix A. Rationale for using SVCB records | |||
| End of changes. 17 change blocks. | ||||
| 16 lines changed or deleted | 70 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||