Back DNS over TLS Czech DNS over TLS German DNS mediante TLS Spanish دیاناس بر روی تیالاس Persian DNS over TLS Finnish DNS over TLS French DNS over TLS (DoT) HE DNS over TLS ID DNS over TLS Japanese DNS over TLS Korean
| Abbreviation | DoT |
|---|---|
| Status | Proposed Standard |
| Latest version | RFC 7858, RFC 8310 May 2016 and March 2018 |
| Organization | IETF |
| Authors |
|
| Internet security protocols |
|---|
| Key management |
| Application layer |
| Domain Name System |
| Internet Layer |
DNS over TLS (DoT) is a network security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol. The goal of the method is to increase user privacy and security by preventing eavesdropping and manipulation of DNS data via man-in-the-middle attacks. The well-known port number for DoT is 853.
While DNS over TLS is applicable to any DNS transaction, it was first standardized for use between stub or forwarding resolvers and recursive resolvers, in RFC 7858 in May of 2016. Subsequent IETF efforts specify the use of DoT between recursive and authoritative servers ("Authoritative DNS over TLS" or "ADoT")[1] and a related implementation between authoritative servers (Zone Transfer-over-TLS or "xfr-over-TLS").[2]
- ^ Henderson, Karl; April, Tim; Livingood, Jason (2020-02-14). "Authoritative DNS-over-TLS Operational Considerations". Ietf Datatracker. Internet Engineering Task Force. Retrieved 17 July 2021.
- ^ Mankin, Allison (2019-07-08). "DNS Zone Transfer-over-TLS". Ietf Datatracker. Internet Engineering Task Force. Retrieved 17 July 2021.