The IESG has approved the following document:
- 'Domain Name System (DNS) Cookies'
  (draft-ietf-dnsop-cookies-10.txt) as Proposed Standard

This document is the product of the Domain Name System Operations Working Group.

The IESG contact persons are Benoit Claise and Joel Jaeggli.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-cookies/

Technical Summary

DNS cookies are a lightweight DNS transaction security mechanism that provides limited protection to DNS servers and clients against a variety of increasingly common denial-of-service and amplification / forgery or cache poisoning attacks by off-path attackers. DNS Cookies are tolerant of NAT, NAT-PT, and anycast and can be incrementally deployed.

Working Group Summary

This draft was originally raised several years ago but it languished due to working group hubris. When it was revised, the working group had broad consensus this was a relevant document. The draft had many reviewers, and also picked up another author as the design was polished.

Initially, the draft defined the EDNS Option to have an Error Code that was returned. After much discussion, and a prototype deployment of the option, it was decided that the Error Code was not needed, and it was removed. Since then a second implementation has appeared.

The working group was in strong consensus behind this draft.

Personnel

Document Shepherd: Tim Wicinski
Area Director: Joel Jaeggli