| rfc9464v5.txt | rfc9464.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force (IETF) M. Boucadair | Internet Engineering Task Force (IETF) M. Boucadair | |||
| Request for Comments: 9464 Orange | Request for Comments: 9464 Orange | |||
| Category: Standards Track T. Reddy.K | Category: Standards Track T. Reddy.K | |||
| ISSN: 2070-1721 Nokia | ISSN: 2070-1721 Nokia | |||
| D. Wing | D. Wing | |||
| Cloud Software Group | Cloud Software Group | |||
| V. Smyslov | V. Smyslov | |||
| ELVIS-PLUS | ELVIS-PLUS | |||
| October 2023 | November 2023 | |||
| Internet Key Exchange Protocol Version 2 (IKEv2) Configuration for | Internet Key Exchange Protocol Version 2 (IKEv2) Configuration for | |||
| Encrypted DNS | Encrypted DNS | |||
| Abstract | Abstract | |||
| This document specifies new Internet Key Exchange Protocol Version 2 | This document specifies new Internet Key Exchange Protocol Version 2 | |||
| (IKEv2) Configuration Payload Attribute Types to assign DNS resolvers | (IKEv2) Configuration Payload Attribute Types to assign DNS resolvers | |||
| that support encrypted DNS protocols, such as DNS over HTTPS (DoH), | that support encrypted DNS protocols, such as DNS over HTTPS (DoH), | |||
| DNS over TLS (DoT), and DNS over QUIC (DoQ). | DNS over TLS (DoT), and DNS over QUIC (DoQ). | |||
| skipping to change at line 127 ¶ | skipping to change at line 127 ¶ | |||
| capitals, as shown here. | capitals, as shown here. | |||
| This document uses the terms defined in [RFC8499]. | This document uses the terms defined in [RFC8499]. | |||
| Also, this document uses the terms defined in [RFC7296]. In | Also, this document uses the terms defined in [RFC7296]. In | |||
| particular, readers should be familiar with the terms "initiator" and | particular, readers should be familiar with the terms "initiator" and | |||
| "responder" as used in that document. | "responder" as used in that document. | |||
| This document makes use of the following terms: | This document makes use of the following terms: | |||
| Do53: | Do53: Refers to unencrypted DNS. | |||
| Refers to unencrypted DNS. | ||||
| Encrypted DNS: | Encrypted DNS: Refers to a scheme where DNS messages are sent over | |||
| Refers to a scheme where DNS messages are sent over an encrypted | an encrypted channel. Examples of encrypted DNS are DoT, DoH, and | |||
| channel. Examples of encrypted DNS are DoT, DoH, and DoQ. | DoQ. | |||
| ENCDNS_IP*: | ENCDNS_IP*: Refers to any of the IKEv2 Configuration Payload | |||
| Refers to any of the IKEv2 Configuration Payload Attribute Types | Attribute Types defined in Section 3.1. | |||
| defined in Section 3.1. | ||||
| 3. IKEv2 Configuration Payload Attribute Types for Encrypted DNS | 3. IKEv2 Configuration Payload Attribute Types for Encrypted DNS | |||
| 3.1. ENCDNS_IP* Configuration Payload Attributes | 3.1. ENCDNS_IP* Configuration Payload Attributes | |||
| The ENCDNS_IP* IKEv2 Configuration Payload Attribute Types, | The ENCDNS_IP* IKEv2 Configuration Payload Attribute Types, | |||
| ENCDNS_IP4 and ENCDNS_IP6, are used to configure an initiator with | ENCDNS_IP4 and ENCDNS_IP6, are used to configure an initiator with | |||
| encrypted DNS resolvers. Both attribute types share the format shown | encrypted DNS resolvers. Both attribute types share the format shown | |||
| in Figure 1. The information included in these attributes adheres to | in Figure 1. The information included in these attributes adheres to | |||
| the recommendation in Section 3.1.9 of [RFC9463]. | the recommendation in Section 3.1.9 of [RFC9463]. | |||
| skipping to change at line 167 ¶ | skipping to change at line 165 ¶ | |||
| ~ Authentication Domain Name ~ | ~ Authentication Domain Name ~ | |||
| +---------------------------------------------------------------+ | +---------------------------------------------------------------+ | |||
| ~ Service Parameters (SvcParams) ~ | ~ Service Parameters (SvcParams) ~ | |||
| +---------------------------------------------------------------+ | +---------------------------------------------------------------+ | |||
| Figure 1: Format of ENCDNS_IP4 and ENCDNS_IP6 Configuration | Figure 1: Format of ENCDNS_IP4 and ENCDNS_IP6 Configuration | |||
| Attributes | Attributes | |||
| The description of the fields shown in Figure 1 is as follows: | The description of the fields shown in Figure 1 is as follows: | |||
| R (Reserved, 1 bit) - | R (Reserved, 1 bit): This bit MUST be set to zero and MUST be | |||
| This bit MUST be set to zero and MUST be ignored on receipt (see | ignored on receipt (see Section 3.15.1 of [RFC7296] for details). | |||
| Section 3.15.1 of [RFC7296] for details). | ||||
| Attribute Type (15 bits) - | Attribute Type (15 bits): Identifier for the Configuration Attribute | |||
| Identifier for the Configuration Attribute Type. This is set to | Type. This is set to 27 for ENCDNS_IP4 or 28 for ENCDNS_IP6, as | |||
| 27 for ENCDNS_IP4 or 28 for ENCDNS_IP6, as registered in | registered in Section 8. | |||
| Section 8. | ||||
| Length (2 octets, unsigned integer) - | Length (2 octets, unsigned integer): Length of the enclosed data in | |||
| Length of the enclosed data in octets. In particular, this field | octets. In particular, this field is set to: | |||
| is set to: | ||||
| * 0, if the Configuration payload has type (1) CFG_REQUEST and no | * 0, if the Configuration payload has type (1) CFG_REQUEST and no | |||
| specific DNS resolver is requested or (2) CFG_ACK. If the | specific DNS resolver is requested or (2) CFG_ACK. If the | |||
| "Length" field is set to 0, then the subsequent fields shown in | "Length" field is set to 0, then the subsequent fields shown in | |||
| Figure 1 are not present. | Figure 1 are not present. | |||
| * (4 + 'Length of the ADN' + N * 4 + 'Length of SvcParams') for | * (4 + 'Length of the ADN' + N * 4 + 'Length of SvcParams') for | |||
| ENCDNS_IP4 attributes if the Configuration payload has type | ENCDNS_IP4 attributes if the Configuration payload has type | |||
| CFG_REQUEST, CFG_REPLY, or CFG_SET, with N being the number of | CFG_REQUEST, CFG_REPLY, or CFG_SET, with N being the number of | |||
| included IPv4 addresses ("Num Addresses"). | included IPv4 addresses ("Num Addresses"). | |||
| * (4 + 'Length of the ADN' + N * 16 + 'Length of SvcParams') for | * (4 + 'Length of the ADN' + N * 16 + 'Length of SvcParams') for | |||
| ENCDNS_IP6 attributes if the Configuration payload has type | ENCDNS_IP6 attributes if the Configuration payload has type | |||
| CFG_REQUEST, CFG_REPLY, or CFG_SET, with N being the number of | CFG_REQUEST, CFG_REPLY, or CFG_SET, with N being the number of | |||
| included IPv6 addresses ("Num Addresses"). | included IPv6 addresses ("Num Addresses"). | |||
| Service Priority (2 octets) - | Service Priority (2 octets): The priority of this attribute compared | |||
| The priority of this attribute compared to other ENCDNS_IP* | to other ENCDNS_IP* instances. This 16-bit unsigned integer is | |||
| instances. This 16-bit unsigned integer is interpreted following | interpreted following the rules specified in Section 2.4.1 of | |||
| the rules specified in Section 2.4.1 of [RFC9460]. As AliasMode | [RFC9460]. As AliasMode (Section 2.4.2 of [RFC9460]) is not | |||
| (Section 2.4.2 of [RFC9460]) is not supported, this field MUST NOT | supported, this field MUST NOT be set to 0. Note that AliasMode | |||
| be set to 0. Note that AliasMode is not supported because such a | is not supported because such a mode will trigger additional Do53 | |||
| mode will trigger additional Do53 queries while the data can be | queries while the data can be supplied directly in the IKE | |||
| supplied directly in the IKE response. | response. | |||
| Num Addresses (1 octet) - | Num Addresses (1 octet): Indicates the number of enclosed IPv4 (for | |||
| Indicates the number of enclosed IPv4 (for ENCDNS_IP4) or IPv6 | ENCDNS_IP4) or IPv6 (for ENCDNS_IP6) addresses. This value MUST | |||
| (for ENCDNS_IP6) addresses. This value MUST NOT be set to 0 if | NOT be set to 0 if the Configuration payload has type CFG_REPLY or | |||
| the Configuration payload has type CFG_REPLY or CFG_SET. This may | CFG_SET. This may be set to 0 in CFG_REQUEST to indicate that no | |||
| be set to 0 in CFG_REQUEST to indicate that no IP address is | IP address is encoded in the attribute. | |||
| encoded in the attribute. | ||||
| ADN Length (1 octet) - | ADN Length (1 octet): Indicates the length of the "Authentication | |||
| Indicates the length of the "Authentication Domain Name" field in | Domain Name" field in octets. When set to 0, this means that no | |||
| octets. When set to 0, this means that no ADN is enclosed in the | ADN is enclosed in the attribute. | |||
| attribute. | ||||
| IP Address(es) (variable) - | IP Address(es) (variable): Includes one or more IP addresses that | |||
| Includes one or more IP addresses that can be used to reach the | can be used to reach the encrypted DNS resolver identified by the | |||
| encrypted DNS resolver identified by the ADN. For ENCDNS_IP4, | ADN. For ENCDNS_IP4, this field contains one or more 4-octet IPv4 | |||
| this field contains one or more 4-octet IPv4 addresses, and for | addresses, and for ENCDNS_IP6, this field contains one or more | |||
| ENCDNS_IP6, this field contains one or more 16-octet IPv6 | 16-octet IPv6 addresses. | |||
| addresses. | ||||
| Authentication Domain Name (variable) - | Authentication Domain Name (variable): A fully qualified domain name | |||
| A fully qualified domain name of the encrypted DNS resolver, in | of the encrypted DNS resolver, in DNS presentation format and | |||
| DNS presentation format and using an Internationalized Domain | using an Internationalized Domain Names for Applications (IDNA) | |||
| Names for Applications (IDNA) A-label [RFC5890]. The name MUST | A-label [RFC5890]. The name MUST NOT contain any terminators | |||
| NOT contain any terminators (e.g., NULL, CR). | (e.g., NULL, CR). | |||
| An example of a valid ADN for a DoH server is "doh1.example.com". | An example of a valid ADN for a DoH server is "doh1.example.com". | |||
| Service Parameters (SvcParams) (variable) - | Service Parameters (SvcParams) (variable): Specifies a set of | |||
| Specifies a set of service parameters that are encoded following | service parameters that are encoded following the same rules for | |||
| the same rules for encoding SvcParams using the wire format | encoding SvcParams using the wire format specified in Section 2.2 | |||
| specified in Section 2.2 of [RFC9460]. Section 3.1.5 of [RFC9463] | of [RFC9460]. Section 3.1.5 of [RFC9463] lists a set of service | |||
| lists a set of service parameters that are recommended to be | parameters that are recommended to be supported by | |||
| supported by implementations. | implementations. | |||
| The service parameters MUST NOT include "ipv4hint" or "ipv6hint" | The service parameters MUST NOT include "ipv4hint" or "ipv6hint" | |||
| SvcParams, as they are superseded by the included IP addresses. | SvcParams, as they are superseded by the included IP addresses. | |||
| If no "port" service parameter is included, this indicates that | If no "port" service parameter is included, this indicates that | |||
| default port numbers should be used. As a reminder, the default | default port numbers should be used. As a reminder, the default | |||
| port number is 853 for DoT (Section 6 of [RFC7858]), 443 for DoH | port number is 853 for DoT (Section 6 of [RFC7858]), 443 for DoH | |||
| (Section 8.1 of [RFC8484]), and 853 for DoQ (Section 8 of | (Section 8.1 of [RFC8484]), and 853 for DoQ (Section 8 of | |||
| [RFC9250]). | [RFC9250]). | |||
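Review bot: The constant 4 in both Length formulas is never broken down, and SvcParams has no length field of its own, so a parser has to derive its size as Length minus the fixed and counted fields. Suggest saying in the Length description that 4 covers Service Priority (2 octets), Num Addresses (1 octet) and ADN Length (1 octet), and stating in the SvcParams description that its length is "Length - 4 - 'ADN Length' - N * 4" (N * 16 for ENCDNS_IP6), the way the Certificate Digest description for Figure 4 spells out its own length. The lines shown here also do not say what a receiver does when that remainder would be negative or when Service Priority arrives as 0; if that is covered elsewhere in the document, a pointer from these field descriptions would help implementers bounds-check before reading the ADN.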
| skipping to change at line 294 ¶ | skipping to change at line 286 ¶ | |||
| +-+-------------+---------------+-------------------------------+ | +-+-------------+---------------+-------------------------------+ | |||
| | Num Hash Algs | ADN Length | | | | Num Hash Algs | ADN Length | | | |||
| +---------------+---------------+ + | +---------------+---------------+ + | |||
| ~ List of Hash Algorithm Identifiers ~ | ~ List of Hash Algorithm Identifiers ~ | |||
| +---------------------------------------------------------------+ | +---------------------------------------------------------------+ | |||
| Figure 3: ENCDNS_DIGEST_INFO Attribute Format in CFG_REQUEST | Figure 3: ENCDNS_DIGEST_INFO Attribute Format in CFG_REQUEST | |||
| The description of the fields shown in Figure 3 is as follows: | The description of the fields shown in Figure 3 is as follows: | |||
| R (Reserved, 1 bit) - | R (Reserved, 1 bit): This bit MUST be set to zero and MUST be | |||
| This bit MUST be set to zero and MUST be ignored on receipt (see | ignored on receipt (see Section 3.15.1 of [RFC7296] for details). | |||
| Section 3.15.1 of [RFC7296] for details). | ||||
| Attribute Type (15 bits) - | Attribute Type (15 bits): Identifier for the Configuration Attribute | |||
| Identifier for the Configuration Attribute Type. This is set to | Type. This is set to 29; see Section 8. | |||
| 29; see Section 8. | ||||
| Length (2 octets, unsigned integer) - | Length (2 octets, unsigned integer): Length of the enclosed data in | |||
| Length of the enclosed data in octets. This field MUST be set to | octets. This field MUST be set to "2 + (2 * 'number of included | |||
| "2 + (2 * 'number of included hash algorithm identifiers')". | hash algorithm identifiers')". | |||
| Num Hash Algs (1 octet) - | Num Hash Algs (1 octet): Indicates the number of identifiers | |||
| Indicates the number of identifiers included in the "List of Hash | included in the "List of Hash Algorithm Identifiers" field. This | |||
| Algorithm Identifiers" field. This field MUST be set to "(Length | field MUST be set to "(Length - 2)/2". | |||
| - 2)/2". | ||||
| ADN Length (1 octet) - | ADN Length (1 octet): MUST be set to 0. | |||
| MUST be set to 0. | ||||
| List of Hash Algorithm Identifiers (variable) - | List of Hash Algorithm Identifiers (variable): Specifies a list of | |||
| Specifies a list of 16-bit hash algorithm identifiers that are | 16-bit hash algorithm identifiers that are supported by the | |||
| supported by the encrypted DNS client. This list may be | encrypted DNS client. This list may be controlled by a local | |||
| controlled by a local policy. | policy. | |||
| The values of this field are identifiers taken from "IKEv2 Hash | The values of this field are identifiers taken from "IKEv2 Hash | |||
| Algorithms" on IANA's "Internet Key Exchange Version 2 (IKEv2) | Algorithms" on IANA's "Internet Key Exchange Version 2 (IKEv2) | |||
| Parameters" registry [IANA-IKE-HASH]. | Parameters" registry [IANA-IKE-HASH]. | |||
| There is no padding between the hash algorithm identifiers. | There is no padding between the hash algorithm identifiers. | |||
| Note that SHA2-256 is mandatory to implement (see Section 5). | Note that SHA2-256 is mandatory to implement (see Section 5). | |||
| The format of the ENCDNS_DIGEST_INFO attribute if the Configuration | The format of the ENCDNS_DIGEST_INFO attribute if the Configuration | |||
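Review bot: Length and Num Hash Algs are each fixed by a MUST in terms of the other ("2 + (2 * 'number of included hash algorithm identifiers')" and "(Length - 2)/2"), and these lines do not say which one a receiver trusts when they disagree or when Length - 2 is odd. Suggest adding that the receiver treats such an attribute as malformed, and likewise a non-zero ADN Length, since the field "MUST be set to 0" in CFG_REQUEST but nothing in this hunk says it is checked on receipt.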
| skipping to change at line 348 ¶ | skipping to change at line 336 ¶ | |||
| +-------------------------------+-------------------------------+ | +-------------------------------+-------------------------------+ | |||
| | Hash Algorithm Identifier | ~ | | Hash Algorithm Identifier | ~ | |||
| +-------------------------------+ + | +-------------------------------+ + | |||
| ~ Certificate Digest ~ | ~ Certificate Digest ~ | |||
| +---------------------------------------------------------------+ | +---------------------------------------------------------------+ | |||
| Figure 4: ENCDNS_DIGEST_INFO Attribute Format in CFG_REPLY or CFG_SET | Figure 4: ENCDNS_DIGEST_INFO Attribute Format in CFG_REPLY or CFG_SET | |||
| The description of the fields shown in Figure 4 is as follows: | The description of the fields shown in Figure 4 is as follows: | |||
| R (Reserved, 1 bit) - | R (Reserved, 1 bit): This bit MUST be set to zero and MUST be | |||
| This bit MUST be set to zero and MUST be ignored on receipt (see | ignored on receipt (see Section 3.15.1 of [RFC7296] for details). | |||
| Section 3.15.1 of [RFC7296] for details). | ||||
| Attribute Type (15 bits) - | ||||
| Identifier for the Configuration Attribute Type. This is set to | ||||
| 29; see Section 8. | ||||
| Length (2 octets, unsigned integer) - | Attribute Type (15 bits): Identifier for the Configuration Attribute | |||
| Length of the data in octets. | Type. This is set to 29; see Section 8. | |||
| Num Hash Algs (1 octet) - | Length (2 octets, unsigned integer): Length of the data in octets. | |||
| MUST be set to 1. | ||||
| ADN Length (1 octet) - | Num Hash Algs (1 octet): MUST be set to 1. | |||
| Indicates the length of the "Authentication Domain Name" field in | ||||
| octets. When set to 0, this means that the digest applies on the | ||||
| ADN conveyed in the ENCDNS_IP* Configuration Payload Attribute. | ||||
| Authentication Domain Name (variable) - | ADN Length (1 octet): Indicates the length of the "Authentication | |||
| A fully qualified domain name of the encrypted DNS resolver | Domain Name" field in octets. When set to 0, this means that the | |||
| following the syntax defined in [RFC5890]. The name MUST NOT | digest applies on the ADN conveyed in the ENCDNS_IP* Configuration | |||
| contain any terminators (e.g., NULL, CR). A name is included only | ||||
| when multiple ADNs are included in the ENCDNS_IP* Configuration | ||||
| Payload Attribute. | Payload Attribute. | |||
| Hash Algorithm Identifier (2 octets) - | Authentication Domain Name (variable): A fully qualified domain name | |||
| Specifies the 16-bit hash algorithm identifier selected by the DNS | of the encrypted DNS resolver following the syntax defined in | |||
| resolver to generate the digest of its certificate. | [RFC5890]. The name MUST NOT contain any terminators (e.g., NULL, | |||
| CR). A name is included only when multiple ADNs are included in | ||||
| the ENCDNS_IP* Configuration Payload Attribute. | ||||
| Certificate Digest (variable) - | Hash Algorithm Identifier (2 octets): Specifies the 16-bit hash | |||
| Includes the Subject Public Key Info (SPKI) hash (Section 5) of | algorithm identifier selected by the DNS resolver to generate the | |||
| the encrypted DNS resolver certificate using the algorithm | digest of its certificate. | |||
| identified in the "Hash Algorithm Identifier" field. The length | ||||
| of this field is "Length - 4 - 'ADN Length'". | Certificate Digest (variable): Includes the Subject Public Key Info | |||
| (SPKI) hash (Section 5) of the encrypted DNS resolver certificate | ||||
| using the algorithm identified in the "Hash Algorithm Identifier" | ||||
| field. The length of this field is "Length - 4 - 'ADN Length'". | ||||
| The ENCDNS_DIGEST_INFO attribute may be present in the Configuration | The ENCDNS_DIGEST_INFO attribute may be present in the Configuration | |||
| payload of CFG_ACK. In such a case, the ENCDNS_DIGEST_INFO MUST be | payload of CFG_ACK. In such a case, the ENCDNS_DIGEST_INFO MUST be | |||
| returned with zero-length data. | returned with zero-length data. | |||
| As discussed in Section 3.15.1 of [RFC7296], there are no defined | As discussed in Section 3.15.1 of [RFC7296], there are no defined | |||
| uses for the CFG_SET/CFG_ACK exchange. The use of the | uses for the CFG_SET/CFG_ACK exchange. The use of the | |||
| ENCDNS_DIGEST_INFO attribute for these messages is provided for | ENCDNS_DIGEST_INFO attribute for these messages is provided for | |||
| completeness. | completeness. | |||
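Review bot: The Certificate Digest length is given only as "Length - 4 - 'ADN Length'", so nothing in these field descriptions ties it to the output size of the algorithm named in Hash Algorithm Identifier. Suggest stating that the receiver checks the remaining length against that algorithm's digest size (32 octets for SHA2-256) and rejects the attribute otherwise, and that a Num Hash Algs value other than 1 is rejected as well. The Length description here ("Length of the data in octets") could also carry its formula, as the Figure 3 text does.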
| skipping to change at line 587 ¶ | skipping to change at line 569 ¶ | |||
| DOI 10.17487/RFC8310, March 2018, | DOI 10.17487/RFC8310, March 2018, | |||
| <https://www.rfc-editor.org/info/rfc8310>. | <https://www.rfc-editor.org/info/rfc8310>. | |||
| [RFC8598] Pauly, T. and P. Wouters, "Split DNS Configuration for the | [RFC8598] Pauly, T. and P. Wouters, "Split DNS Configuration for the | |||
| Internet Key Exchange Protocol Version 2 (IKEv2)", | Internet Key Exchange Protocol Version 2 (IKEv2)", | |||
| RFC 8598, DOI 10.17487/RFC8598, May 2019, | RFC 8598, DOI 10.17487/RFC8598, May 2019, | |||
| <https://www.rfc-editor.org/info/rfc8598>. | <https://www.rfc-editor.org/info/rfc8598>. | |||
| [RFC9460] Schwartz, B., Bishop, M., and E. Nygren, "Service Binding | [RFC9460] Schwartz, B., Bishop, M., and E. Nygren, "Service Binding | |||
| and Parameter Specification via the DNS (DNS SVCB and | and Parameter Specification via the DNS (DNS SVCB and | |||
| HTTPS Resource Records (RRs))", RFC 9460, | HTTPS Resource Records)", RFC 9460, DOI 10.17487/RFC9460, | |||
| DOI 10.17487/RFC9460, October 2023, | November 2023, <https://www.rfc-editor.org/info/rfc9460>. | |||
| <https://www.rfc-editor.org/info/rfc9460>. | ||||
| 9.2. Informative References | 9.2. Informative References | |||
| [IANA-IKE-CFG] | [IANA-IKE-CFG] | |||
| IANA, "IKEv2 Configuration Payload Attribute Types", | IANA, "IKEv2 Configuration Payload Attribute Types", | |||
| <https://www.iana.org/assignments/ikev2-parameters/>. | <https://www.iana.org/assignments/ikev2-parameters/>. | |||
| [INTERNET-THREAT-MODEL] | [INTERNET-THREAT-MODEL] | |||
| Arkko, J. and S. Farrell, "Challenges and Changes in the | Arkko, J. and S. Farrell, "Challenges and Changes in the | |||
| Internet Threat Model", Work in Progress, Internet-Draft, | Internet Threat Model", Work in Progress, Internet-Draft, | |||
| draft-arkko-farrell-arch-model-t-04, 14 July 2020, | draft-arkko-farrell-arch-model-t-04, 13 July 2020, | |||
| <https://datatracker.ietf.org/api/v1/doc/document/draft- | <https://datatracker.ietf.org/doc/html/draft-arkko- | |||
| arkko-farrell-arch-model-t/>. | farrell-arch-model-t-04>. | |||
| [RFC7619] Smyslov, V. and P. Wouters, "The NULL Authentication | [RFC7619] Smyslov, V. and P. Wouters, "The NULL Authentication | |||
| Method in the Internet Key Exchange Protocol Version 2 | Method in the Internet Key Exchange Protocol Version 2 | |||
| (IKEv2)", RFC 7619, DOI 10.17487/RFC7619, August 2015, | (IKEv2)", RFC 7619, DOI 10.17487/RFC7619, August 2015, | |||
| <https://www.rfc-editor.org/info/rfc7619>. | <https://www.rfc-editor.org/info/rfc7619>. | |||
| [RFC7671] Dukhovni, V. and W. Hardaker, "The DNS-Based | [RFC7671] Dukhovni, V. and W. Hardaker, "The DNS-Based | |||
| Authentication of Named Entities (DANE) Protocol: Updates | Authentication of Named Entities (DANE) Protocol: Updates | |||
| and Operational Guidance", RFC 7671, DOI 10.17487/RFC7671, | and Operational Guidance", RFC 7671, DOI 10.17487/RFC7671, | |||
| October 2015, <https://www.rfc-editor.org/info/rfc7671>. | October 2015, <https://www.rfc-editor.org/info/rfc7671>. | |||
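Review bot: Check the [RFC9460] title and date against the published RFC rather than carrying them over from the previous version: the entry drops the trailing "(RRs)" and moves from October to November 2023, which matches the new date on this document's own header line but should be confirmed at the source. In [INTERNET-THREAT-MODEL], the link now points at the versioned -04 HTML page instead of the datatracker API URL, which agrees with the draft name cited, but the date also shifts from 14 to 13 July 2020 and needs the same confirmation.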
| skipping to change at line 644 ¶ | skipping to change at line 625 ¶ | |||
| <https://www.rfc-editor.org/info/rfc9076>. | <https://www.rfc-editor.org/info/rfc9076>. | |||
| [RFC9250] Huitema, C., Dickinson, S., and A. Mankin, "DNS over | [RFC9250] Huitema, C., Dickinson, S., and A. Mankin, "DNS over | |||
| Dedicated QUIC Connections", RFC 9250, | Dedicated QUIC Connections", RFC 9250, | |||
| DOI 10.17487/RFC9250, May 2022, | DOI 10.17487/RFC9250, May 2022, | |||
| <https://www.rfc-editor.org/info/rfc9250>. | <https://www.rfc-editor.org/info/rfc9250>. | |||
| [RFC9463] Boucadair, M., Ed., Reddy.K, T., Ed., Wing, D., Cook, N., | [RFC9463] Boucadair, M., Ed., Reddy.K, T., Ed., Wing, D., Cook, N., | |||
| and T. Jensen, "DHCP and Router Advertisement Options for | and T. Jensen, "DHCP and Router Advertisement Options for | |||
| the Discovery of Network-designated Resolvers (DNR)", | the Discovery of Network-designated Resolvers (DNR)", | |||
| RFC 9463, DOI 10.17487/RFC9463, October 2023, | RFC 9463, DOI 10.17487/RFC9463, November 2023, | |||
| <https://www.rfc-editor.org/info/rfc9463>. | <https://www.rfc-editor.org/info/rfc9463>. | |||
| Appendix A. Configuration Payload Examples | Appendix A. Configuration Payload Examples | |||
| A.1. Configuration of Encrypted IPv6 DNS Resolvers without Suggested | A.1. Configuration of Encrypted IPv6 DNS Resolvers without Suggested | |||
| Values | Values | |||
| Figure 5 depicts an example of a CFG_REQUEST to request the | Figure 5 depicts an example of a CFG_REQUEST to request the | |||
| configuration of IPv6 DNS resolvers without providing any suggested | configuration of IPv6 DNS resolvers without providing any suggested | |||
| values. In this example, the initiator uses the ENCDNS_DIGEST_INFO | values. In this example, the initiator uses the ENCDNS_DIGEST_INFO | |||
| End of changes. 29 change blocks. | ||||
| 108 lines changed or deleted | 89 lines changed or added | |||
This html diff was produced by rfcdiff 1.48.