[secdir] [new-work] WG Review: Adaptive DNS Discovery (add)

A new IETF WG has been proposed in the Applications and Real-Time Area. The
IESG has not made any determination yet. The following draft charter was
submitted, and is provided for informational purposes only. Please send your
comments to the IESG mailing list (iesg@ietf.org) by 2020-02-17.

Adaptive DNS Discovery (add)
-----------------------------------------------------------------------
Current status: Proposed WG

Chairs:
  David Lawrence <tale@dd.org>
  Glenn Deen <rgd.ietf@gmail.com>

Assigned Area Director:
  Barry Leiba <barryleiba@computer.org>

Applications and Real-Time Area Directors:
  Adam Roach <adam@nostrum.com>
  Alexey Melnikov <aamelnikov@fastmail.fm>
  Barry Leiba <barryleiba@computer.org>

Mailing list:
  Address: add@ietf.org
  To subscribe: https://www.ietf.org/mailman/listinfo/add
  Archive: https://mailarchive.ietf.org/arch/browse/add/

Group page: https://datatracker.ietf.org/group/add/

Charter: https://datatracker.ietf.org/doc/charter-ietf-add/

Adaptive DNS Discovery (ADD)
====================================
Proposed Working Group Charter

Sending DNS messages over encrypted transports, as defined in DNS over
TLS (DoT) [RFC 7858] and DNS over HTTPS (DoH) [RFC 8484], provides
benefits to the security and privacy of DNS data. Clients, such as
applications and host operating systems, have started adopting these
protocols to provide these user benefits.

This working group will focus on discovery and selection of DNS resolvers
by DNS clients in a variety of networking environments, including public
networks, private networks, and VPNs, supporting both encrypted and
unencrypted resolvers.  It is chartered solely to develop technical
mechanisms. Making any recommendations about specific policies for clients
or servers is out of scope.

Clients adopting encrypted DNS protocols need to determine which DNS
servers support those protocols, and which server to use for specific
queries if multiple servers are available. These decisions can vary based
on the network environment, and also based on the content and purpose of
the client queries.

Network operators that start offering DNS encryption on their servers also
need a way to indicate this support to clients. Communicating information
about resolver configuration and behavior allows clients to make more
informed decisions about which DNS servers to use. For example, a resolver
may be able to resolve private or local names as a split DNS server.

The Adaptive DNS Discovery (ADD) working group will work on the following
deliverables:

- Define a mechanism that allows clients to discover DNS resolvers
  that support encryption and that are available to the client
  either on the public Internet or on private or local networks.

- Define a mechanism that allows communication of DNS resolver
  information to clients for use in selection decisions. This could be
  part of the mechanism used for discovery, above.

- Develop an informational document that describes mechanisms for
  clients to detect specific network environments (such as captive portal
  and split horizon) and to use that information to inform their DNS
  configuration.

This working group will coordinate with dnsop, doh, and dprive for any
changes required in DNS protocols and will make sure that those
groups are included in major document reviews at appropriate times.
It will also work with capport to ensure that solutions are applicable
to captive networks.

Milestones:

TBD

_______________________________________________
new-work mailing list
new-work@ietf.org
https://www.ietf.org/mailman/listinfo/new-work